HHS Tool Helps Providers with HIPAA Compliance
Posted on June 2, 2014
The US Department of Health and Human Services (HHS) has released a new security risk assessment (SRA) tool to help guide healthcare providers in small to medium-sized offices as they conduct risk assessments of their organizations.
The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The application, available for downloading at www.HealthIT.gov/security-risk-assessment, also produces a report that can be provided to auditors.
HIPAA requires organizations that handle protected health information to regularly review the administrative, physical, and technical safeguards they have in place to protect the security of the information. These risk assessments can uncover potential weaknesses in security policies, processes, and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events.
“We are pleased to have collaborated with the ONC on this project,” said Susan McAndrew, deputy director of OCR’s Division of Health Information Privacy. “We believe this tool will greatly assist providers in performing a risk assessment to meet their obligations under the HIPAA Security Rule.”
The Windows version is available at http://www.HealthIT.gov/security-risk-assessment. The iOS iPad version is available from the Apple App Store (search “HHS SRA tool”).
Public comments on the SRA tool will be accepted at http://www.HealthIT.gov/security-risk-assessment until June 2, 2014.