HHS Office of the National Coordinator for Health Information Technology and HHS Office for Civil Rights Update Security Risk Assessment Tool
The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have updated the Security Risk Assessment (SRA) Tool to make it easier to use and apply more broadly to the risks to health information.
The SRA tool is designed for use by small to medium sized health care practices – those with one to 10 health care providers – covered entities, and business associates to help them identify risks and vulnerabilities to ePHI. The updated tool provides enhanced functionality to document how such organizations can implement or plan to implement appropriate security measures to protect ePHI.
New features included with the updated tool include:
- Enhanced User Interface
- Modular workflow with question branching logic
- Custom Assessment Logic
- Progress Tracker
- Improved Threats & Vulnerabilities Rating
- Detailed Reports
- Business Associate and Asset Tracking
- Overall improvement of the user experience
All HIPAA covered entities and business associates are required to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by their organization. If you haven’t conducted a recent enterprise-wide risk analysis, now is the time to download the HHS SRA Tool to help with this foundational element upon which the security activities necessary to protect ePHI are built.
Included with today’s notice is an example policy address HIPAA risk analysis, as well as a link to the updated Security Risk Assessment (SRA) Tool.
Want to read the full alert and receive alert emails?