I have been going over some of the meaningful use measurements and one of the requirements is that you have a security risk analysis. I can not find anywhere where you have to have an outside party conduct this assessment so I am wondering what you guys think. Would it be better to have a 3rd party do this or is this something that you guys do internally? If you do use a 3rd party who do you use or if internally which checklist do you use?
thanks,
Paul