HB Ad Slot
HB Mobile Ad Slot
OCR and ONC Update Their Security Risk Assessment Tool
Thursday, October 18, 2018

On October 16, 2018 the Department of Health and Human Services Office for Civil Rights (“OCR”) and the Office of the National Coordinator for Health Information Technology (“ONC”) announced an update to their previously provided Security Risk Assessment Tool.  According to ONC and OCR, the “tool is designed to help healthcare providers conduct a security risk assessment” as required under the HIPAA Security Rule.  ONC states that the updated tool includes additional features such as:

  • Enhanced user interface

  • Modular workflow

  • Custom assessment logic

  • Progress tracker

  • Threats & vulnerabilities rating

  • Detailed reports

  • Business associate and asset tracking

  • Overall improvement of the user experience

As with prior tools, the ONC/OCR tool includes a broad disclaimer noting that use of the tool “does not guarantee compliance with federal, state or local laws”.  Indeed, ONC and OCR encourage providers to “seek expert advice when evaluating the use of the tool.”

Ultimately, while the tool may provide a useful resource for small physician groups, larger organizations are more likely to need what is rapidly becoming the industry standard of having a security risk assessment/risk analysis performed by an outside third party, and ensuring additional assessments (such as penetration testing of the systems) are a part of that full risk assessment for the organization.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins