HB Ad Slot
HB Mobile Ad Slot
HHS (Department of Health and Human Services) Releases HIPAA (Health Insurance Portability and Accountability Act) Security Risk Assessment Tool for Small Providers
Monday, March 31, 2014

On Friday, March 28, the U.S. Department of Health and Human Services (HHS) released a new security risk assessment tool to help providers in small to medium sized practices conduct risk assessments. The tool was designed by the HHS Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR).

Under HIPAA, covered entities and business associates that handle protected health information must review the administrative, physical and technical safeguards they have in place to protect the security of the information.  This review must include an assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic information.

Conducting a risk assessment is a requirement for compliance with the HIPAA Security Rule and can help uncover potential weaknesses in security processes and policies, address vulnerabilities and avoid breaches or other security events. HHS also notes in its press release that a risk assessment is also a core requirement for the Meaningful Use Program.

The tool aims to help providers understand steps for conducting a security risk analysis and creating an action plan. The tool is accompanied by resources, including a user guide, tutorial videos, and guidance on the Security Rule’s administrative,  physical and technical safeguards. Although the tool may be a helpful resource for providers, HHS notes that the use of the tool does not guarantee compliance with federal, state or local laws. Therefore, the security risk assessment tool may be a good starting point for small providers; larger providers may wish to incorporate the tool’s features into their own security risk assessment practices, which will likely be more comprehensive than the tool. For example, the HHS tool produces a report that can be saved and provided to OCR auditors, should the organization be audited.

The Windows version of the tool is available for download here. An iPad version is available via the Apple store (search for “HHS SRA tool”).

The ONC reports that it would like to improve the tool in future updates and is accepting comments until June 2. Comments may be submitted to the ONC – and existing comments may be reviewed – here.

HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins