HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HHS Releases Updated Security Risk Assessment Tool

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that a new version of its Security Risk Assessment (SRA) Tool has now been released.

The SRA tool was developed by the Office of the National Coordinator for Health Information Technology (ONC) in collaboration with OCR to help small- to medium-sized healthcare providers comply with the security risk assessment requirements of the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program.

A security risk assessment is conducted to identify all risks to the confidentiality, integrity, and availability of protected health information (PHI). The risk assessment should identify any unaddressed risks, which can then be addressed by implementing appropriate physical, technical, and organizational safeguards.

HIPAA compliance audits and investigations of data breaches have revealed healthcare providers often struggle with the risk assessment. Risk assessment failures are one of the most common reasons why HIPAA penalties are issued.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

ONC and OCR last updated the SRA Tool in October 2018, when changes were made to improve usability and make the tool apply more broadly to the risks to the confidentiality, integrity, and availability of PHI.

“The tool diagrams the HIPAA Security Rule safeguards and provides enhanced functionality to document how your organization implements safeguards to mitigate, or plans to mitigate, identified risks,” explained ONC.

Further enhancements have now been made based on feedback received from healthcare providers that have used the SRA Tool, including improvements to navigation throughout the assessment sections, new options for exporting reports, and enhanced user interface scaling.

The latest version (v3.2) of the SRA Tool is available for Windows on this link. A Mac OS version is not being offered at this time.

ONC and OCR will be hosting a webinar on September 17 at 10:30 AM E.T. to introduce the new SRA tool and to provide an overview of the improvements that have been made. You can register for the webinar on this link.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.