Saturday, March 29, 2014

HHS releases security risk assessment tool to help providers with HIPAA compliance




A new security risk assessment (SRA) tool to help guide health care providers in small to medium sized offices conduct risk assessments of their organizations is now available from HHS.





The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.





The application, available for downloading at www.HealthIT.gov/security-risk-assessment, also produces a report that can be provided to auditors.



HIPAA requires organizations that handle protected health information to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data.



Conducting a security risk assessment is a key requirement of the HIPAA Security Rule and a core requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program, commonly known as the Meaningful Use Program.



“Protecting patients’ protected health information is important to all health care providers and the new tool we are releasing today will help them assess the security of their organizations,” said Karen DeSalvo, M.D., national coordinator for health information technology. “The SRA tool and its additional resources have been designed to help health care providers conduct a risk assessment to support better security for patient health data.”





“We are pleased to have collaborated with the ONC on this project,” said Susan McAndrew, deputy director of OCR’s Division of Health Information Privacy. “We believe this tool will greatly assist providers in performing a risk assessment to meet their obligations under the HIPAA Security Rule.”



The SRA tool’s website contains a User Guide and Tutorial video to help providers begin using the tool. Videos on risk analysis and contingency planning are available at the website to provide further context.



The tool is available for both Windows operating systems and iOS iPads. Download the Windows version at http://www.HealthIT.gov/security-risk-assessment. The iOS iPad version is available from the Apple App Store (search under “HHS SRA tool”).


