The U.S. Department of Health and Human Services (HHS) has released a security risk assessment (SRA) tool to help healthcare providers in small- and medium-size offices conduct risk assessments of their organizations. The SRA tool, available for Windows and iPad, assesses the organization’s information security risks under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which is a core requirement for providers seeking payment through the Medicare and Medicaid EHR [electronic health records] Incentive Program, commonly known as the Meaningful Use Program.
The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR). HIPAA requires organizations that handle protected health information to regularly review the administrative, physical, and technical safeguards in place to protect the security of the information. The tool can produce a report to be provided to auditors.
For more information, including a user guide, video tutorial, and risk analysis and contingency planning videos, or to provide feedback, visit the SRA tool website.