HHS Launches New Security Risk Assessment Tool

The Department of Health and Human Services’ Office for Civil Rights (OCR) announced the newly released version of its tool for Security Risk Assessment (SRA).

The Office of the National Coordinator for Health Information Technology (ONC) developed the SRA tool with the cooperation of OCR. The goal of the project is to assist small- to medium-sized healthcare organizations in their compliance efforts with the security risk assessment requirements set by the HIPAA Security Rule as well as the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program.

Conducting a security risk assessment is necessary to determine all risks that would affect the confidentiality, availability, and integrity of protected health information (PHI). The risk assessment must determine any unaddressed risks that can subsequently be resolved by applying correct physical, organizational, and technical safety measures.

According to the results of HIPAA compliance audits and inspections of data breaches, healthcare organizations generally have a problem with the risk analysis. Failure to conduct a risk assessment is one of the typical reasons for the issuance of HIPAA penalties.

The last update of the SRA Tool by ONC and OCR was in October 2018. The changes improved the functionality of the tool and made it more extensively applicable to the risks to the confidentiality, availability, and integrity of PHI.

ONC explained that the tool lays out the HIPAA Security Rule safety measures and gives improved functionality to record how a healthcare provider uses safety measures to mitigate or strategizes to mitigate determined risks.

Additional enhancements had been added according to responses of the healthcare organizations that utilized the SRA Tool. Enhanced navigation through the assessment segments, new selections for exporting reports, and better user interface scaling had been added.

Get the latest SRA Tool version (v3.2) is for Windows and Mac OS on this page.

On September 17 at 10:30 AM E.T., ONC and OCR is going to host a webinar to present the latest SRA tool and give a review of the changes that were created. Sign up to join the webinar on this page.

About Christine Garcia 1309 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA