Keeping You Connected

The SBCMS keeps you up to date on the latest news,
policy developments, and events

SBCMS News/Media

HHS releases security risk assessment tool to help providers with HIPAA compliance



The U.S. Department of Health and Human Services (HHS) has released a new tool to help guide health care providers in small to medium sized practices conduct information security risk assessments of their organizations.
 
The tool, available at www.HealthIT.gov, is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). It is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The tool also produces a report that can be provided to auditors.
 
HIPAA requires organizations that handle protected health information to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data.
 
Conducting a security risk assessment is a key requirement of the HIPAA Security Rule and a core requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program, commonly known as the Meaningful Use Program.
 
The tool is available for both Windows operating systems and iPad. Download the Windows version here. The iPad version is available from the iTunes App Store (search “HHS SRA tool”).
 
For more information, see CMA On-Call document #4102, "HIPAA Security Rule." On-Call documents are available free to members in CMA's online health law library at www.cmanet.org/cma-on-call. Nonmembers can purchase documents for $2/page.


Comments are closed.