HIMSS News

ONC and OCR Update HIPAA Security Risk Assessment Tool

In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment (SRA) Tool.  The tool's new features make it even more useful in assisting small and medium-sized health care practices and business associates in complying with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

The revised SRA is compatible with Windows 8.0, 8.1, and 10 and has a Save As feature that lets organizations save their assessment to a different location, or share it with colleagues. Furthermore, entities can now report improvements that upgrade the look and functionality of their PDF reports, and will also have more options for what they can include in the report.

The SRA tool also helps organizations streamline their risk analyses activities. For example, organizations must answer a series of "yes" or "no" questions about their processes. There are resources within the Tool to ensure entities understand the question's context, are able to consider the consequences ifelectronic protected health information (ePHI) requirements are not met, and can see actual requirements language of the HIPAA Security Rule.