The Department of Health and Human Services released a new security risk assessment tool to help small to medium sized health care provider offices conduct risk assessments of their organizations.
The security risk assessment (SRA) tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology and Office for Civil Rights. The tool is designed to help practices conduct and document a risk assessment at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
Conducting a security risk assessment is a key requirement of the HIPAA Security Rule, and a core requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program.
“Protecting patients’ protected health information is important to all health care providers and the new tool we are releasing today will help them assess the security of their organizations,” Karen DeSalvo, MD, national coordinator for health information technology, stated in a press release. “The SRA tool and its additional resources have been designed to help health care providers conduct a risk assessment to support better security for patient health data.”
A user guide and tutorial video are available on the HealthIT.gov website to help providers begin using the tool. Videos on risk analysis and contingency planning are available to provide further context.