HHS Reveals Security Risk Assessment Tool | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

HHS Reveals Security Risk Assessment Tool

March 28, 2014
by Rajiv Leventhal
| Reprints

A new security risk assessment (SRA) tool to help guide healthcare providers in small to medium-sized offices conduct risk assessments of their organizations is now available from the U.S. Department of Health & Human Services (HHS).

The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The application, available for downloading, also produces a report that can be provided to auditors.

HIPAA requires organizations that handle protected health information to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, healthcare providers can uncover potential weaknesses in their security policies, processes and systems.  Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data, say HHS officials.

“Protecting patients’ protected health information is important to all health care providers and the new tool we are releasing today will help them assess the security of their organizations,” Karen DeSalvo, M.D., national coordinator for health IT, said in a statement. “The SRA tool and its additional resources have been designed to help health care providers conduct a risk assessment to support better security for patient health data.”

“We are pleased to have collaborated with the ONC on this project,” added Susan McAndrew, deputy director of OCR’s Division of Health Information Privacy. “We believe this tool will greatly assist providers in performing a risk assessment to meet their obligations under the HIPAA Security Rule.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Industry Organizations Praise Senate Passage of VA Mission Act

The U.S. Senate on Wednesday passed, by a vote of 92-5, a major Veterans Affairs (VA) reform bill that includes health IT-related provisions to improve health data exchange between VA healthcare providers and community care providers.

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.