What is the exact requirement related to privacy and security of stage 1 of Meaningful Use?

Core objective # 15: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.
Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a) (1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.
Under the HIPAA Security Rule, you are required to implement policies and procedures to prevent, detect, contain, and correct security violations (45 CFR 164.308).