Does my facility have to perform a security risk analysis for Meaningful Use Stage 2?

As with Meaningful Use Stage 1, each facility will have to review or conduct a security risk analysis of the certified EHR prior to the end of the reporting period. A new review must occur for each subsequent reporting period. Parameters of the risk analysis are defined in 45 CFR 164.308(a)(1) created by the HIPAA Security Rule.