New Security Risk Assessment Tool Helps with HIPAA Compliance

In March, the U.S. Department of Health and Human Services (HHS) released a new security risk assessment (SRA) tool to assist healthcare providers in small- to medium-sized offices oversee risk assessments of their facilities. The SRA tool, the result of a joint effort between the HHS Office of the National Coordinator for Health Information Technology and the Office for Civil Rights, provides a comprehensive and systematic approach for healthcare practices to conduct and record risk assessments to determine the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA). The act mandates that organizations regularly review the administrative, physical and technical safeguards they have in place to protect patient information. Risk assessments will enable providers to potentially avoid breaches in health data and other security violations by detecting gaps in their policies, systems and processes. Performing a security risk assessment is a fundamental prerequisite of the HIPAA Security Rule and a central requirement for providers pursuing payment through the Medicare and Medicaid EHR Incentive Program, also known as the meaningful use program.

The SRA tool is available as a downloadable application at www.HealthIT.gov/security-risk-assessment. The tool’s website contains a user guide and tutorial video to help healthcare providers begin to use the application. The tool is available for both the Windows operating system and iOS iPads.