Attest for Meaningful Use Security-Related Objective
You can register for the Meaningful Use Programs anytime, but to attest, you must meet the Meaningful Use requirements for an EHR reporting period. So, only attest after you have conducted your security risk analysis (or reassessment), corrected any identified issues, and documented those changes.
Monitor, Audit, and Update Security on an Ongoing Basis
The HIPAA Security Rule requires that you have audit controls in place and have the ability to audit. Have your security officer, Information Technology (IT) administrator, and EHR developer work together so your system’s monitoring/audit functions are active and configured to your needs. Set up your EHR to maintain an audit log on who, what, when, where, and how your patients’ ePHI has been accessed.
Source: HealthIT.gov