Is there any difference between the requirement of Core Measure 15 and existing HIPAA regulations that providers and practices should have been compliant over the next few years?

No. CMS has stated that they’re not using the meaningful use criteria to introduce any new security requirements. So, this should be nothing new to anyone. Performing a security risk analysis is required by the HIPAA Security Rule, as is “Apply security updates as needed” – both of those are administrative safeguards in the Security Rule. The requirement to remediate any problems means that if you do find some problems, you can’t ignore them and have to do something about them.