A new security risk assessment (SRA) tool to help small- to medium-sized practices conduct risk assessments is now available from U.S. Health and Human Services.
“We believe this tool will greatly assist providers in performing a risk assessment to meet their obligations under the HIPAA Security Rule,” said Susan McAndrew, deputy director of HHS Office of the National Coordinator for Health Information Technology (ONC) Division of Health Information Privacy.
The SRA tool is available for downloading here and also produces a report that can be provided to auditors.
HIPAA requires organizations that handle protected health information to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. Conducting risk assessments lets you uncover potential weaknesses in your security policies, processes and systems. Risk assessments also help you address vulnerabilities, potentially preventing health data breaches or other adverse security events.
In addition, conducting a security risk assessment is a key requirement of the HIPAA Security Rule and a core requirement for providers seeking payment through the Medicare and Medicaid Electronic Health Record Incentive Program.
An iOS iPad version is available in the iTunes store; search under “HHS SRA tool.”