HHS Security Risk Assessment Tool Updated

An updated version of the Security Risk Assessment (SRA) Tool from the Department of Health and Human Services’ Office for Civil Rights (OCR) has been made available this week.

Initially developed by the Office of the National Coordinator for Health Information Technology (ONC), in collaboration with OCR, this tool helps small-to-medium sized healthcare groups comply with the security risk assessment requirements of the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program.

The risk assessment should uncover all potential vulnerabilities to the confidentiality, integrity, and availability of protected health information (PHI) and identify any unaddressed risks, which can then be addressed by implementing appropriate physical, technical, and organizational safeguards.

HIPAA compliance audits and investigations of data breaches have shown that healthcare groups can experience difficulty with the risk assessment obligations. Risk assessment failures are one of the most common reasons for HIPAA penalties.

ONC and OCR last made enhancements to the SRA Tool in October 2018. At that time, changes were applied to enhance the user experience and make the tool better at addressing the dangers posed to the confidentiality, integrity, and availability of PHI.

ONC commented on the update, saying: “The tool diagrams the HIPAA Security Rule safeguards and provides enhanced functionality to document how your organization implements safeguards to mitigate, or plans to mitigate, identified risks.”

Further improvements have been made to the tool based on feedback from healthcare providers that have used the SRA Tool. These improvements have led to better navigation throughout the assessment sections, new options for exporting reports, and smoother user interface scaling.

The new version (v3.2) of the SRA Tool for Windows can be downloaded from here. There is no Mac OS version yet.

ONC and OCR are presenting a webinar on September 17 at 10:30 AM E.T. to launch the updated SRA Tool and to give some insight into the enhancements. You can register for the webinar via this link.

John Blacksmith

John Blacksmith is a seasoned journalist with experience in both print and digital media. He has concentrated on information technology in the healthcare field, especially in the areas of data security and privacy. His work has provided him with in-depth knowledge of HIPAA regulations. John has a journalism degree.