A HIPAA security risk assessment (SRA) tool was recently made available through HHS. The tool was developed as a collaborative effort between the HHS Office of the National Coordinator for Health Information Technology (ONC), the HHS Office of Civil Rights (OCR) and the HHS Office of General Counsel (OGC). This SRA tool is intended to help guide health care providers in small and medium sized offices to conduct the risk assessment required under HIPAA. Such an assessment assists health care providers in identifying areas of vulnerability and weakness so that necessary improvements in security can be made. The HHS Press Release and the ONC Press Release each contain hyperlinks to the SRA tool, which is available for Windows and iOS iPAD. While use of this specific tool is not a requirement under HIPAA, the SRA tool provides a very good option for small and medium sized providers to utilize in promoting compliance with HIPAA security.
Posted by: Paul J. Welk, PT, JD