A new security risk assessment (SRA) tool will assist health care providers in small to medium sized offices conduct risk assessments of their organizations. It is available from the U.S. Department of Health and Human Service (HHS). The SRA tool was developed by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR).(3) The tool is intended to aid practices in conducting and documenting a risk assessment in an systematized manner. It will allow them to evaluate the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The application is available for downloading.(4) The tool creates a report that can be provided to auditors.
The website offers Top 10 Myths of Security Risk Analysis.(5) It discusses things like the fact that all providers who are “covered entities” under HIPAA are required to perform a risk analysis.(5) There is a Tool User Guide, and it is available for Windows and Mac users. There is also a Tutorial video to help providers begin using the tool. Videos on risk analysis and contingency planning are available at the website to provide further context.
HIPAA requires organizations that handle protected health information to frequently review the administrative, physical, and technical safeguards they have in place to protect the security of the information. These risk assessments can expose possible weaknesses in security policies, processes, and systems. Risk assessments also help providers address vulnerabilities, possibly preventing health data breaches or other adverse security events.
Make sure your office is HIPAA compliant!
RELATED | Team EHR: Everything you and your dental team need to know about electronic dental records
