An updated version the Department of Health and Human Services’ Office for Civil Rights (OCR) Security Risk Assessment (SRA) Tool has now been released.
The Office of the National Coordinator for Health Information Technology (ONC) developed the tool with the assistance of OCR in order to help small- to medium-sized healthcare suppliers comply with the security risk assessment requirements of the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program.
A security risk assessment is completed to discover every danger to the confidentiality, integrity, and availability of protected health information (PHI). The risk assessment should list all unaddressed dangers, which can then be tackled by using proper physical, technical, and organizational security methods.
HIPAA compliance audits and reviews of HIPAA data breaches have indicated that healthcare suppliers can have difficulty with the risk assessment. Risk assessment failures are one of the most common reasons why HIPAA penalties are sanctioned.
ONC and OCR last refreshed the SRA Tool as far back as October 2018, when amendment were applied to enhance usability and make the tool apply more widely to the dangers faced by the confidentiality, integrity, and availability of PHI.
ONC said: “The tool diagrams the HIPAA Security Rule safeguards and provides enhanced functionality to document how your organization implements safeguards to mitigate, or plans to mitigate, identified risks.”
Additional enhancements have now been made added using the feedback of healthcare suppliers using the SRA Tool, including better navigation throughout the assessment sections, new options for exporting reports, and easier user interface scaling.
The most recent version (v3.2) of the SRA Tool can be download for Windows here. A Mac OS version is not being offered currently.
ONC and OCR will presenting a webinar on September 17 at 10:30 AM E.T. to launch the new SRA tool and to go through the enhancements that have been made. You see more details here.