Updated Security Risk Assessment Tool made Avail by HHS

A new version of the Security Risk Assessment (SRA) Tool has been released by the Department of Health and Human Services’ Office for Civil Rights.

The SRA tool was created by the Office of the National Coordinator for Health Information Technology (ONC) in collaboration with OCR to assist small- to medium-sized healthcare providers comply with the security risk assessment obligations of the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program.

A security risk assessment is completed to list all risks to the confidentiality, integrity, and availability of protected health information (PHI). The risk assessment should disocover any unaddressed risks, which can then be addressed by putting in place appropriate physical, technical, and organizational security measures.

HIPAA compliance audits and investigations of data breaches have revealed healthcare providers often struggle with the risk assessment. Risk assessment failures are one of the most common reasons why HIPAA financial sanctions are applied.

ONC and OCR last rolled out a new version of the SRA Tool in October 2018, when changes were made to enhance usability and make the tool apply more broadly to the dangers of the confidentiality, integrity, and availability of PHI.

ONC. commented : “The tool diagrams the HIPAA Security Rule safeguards and provides enhanced functionality to document how your organization implements safeguards to mitigate, or plans to mitigate, identified risks”.

Additional enhancements have now been created thanks to feedback received from healthcare providers that have used the SRA Tool, including improvements to navigation throughout the assessment sections, new options for exporting reports, and better user interface scaling.

The most recent version (v3.2) of the SRA Tool is available for Windows from here. There is no Mac OS version as of yet.

ONC and OCR are presenting a webinar on September 17 at 10:30 AM E.T. to introduce the new SRA tool and to supply an overview of the enhancements that have been made. You can register for the webinar here.