ONC, OCR update HIPAA security risk assessment tool

The Office of the National Coordinator for Health IT and the Office for Civil Rights have revised their HIPAA Security Risk Assessment (SRA) Tool in an effort to make it more useful to small and medium-sized healthcare practices and small business associates.

ONC and OCR first launched their SRA Tool in 2014 to help smaller organizations conduct and document a risk assessment, a critical requirement of HIPAA’s Security Rule and a core requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program.

“This tool is not required by the HIPAA Security Rule, but is meant to assist providers and professionals as they perform a risk assessment,” states ONC’s website.

Also See: New guidance lays out HIPAA obligations for cloud computing

According to Ebony Brice, an ONC IT security specialist, and Nick Heesters, an OCR health information privacy security specialist, the new features of the SRA Tool can help streamline covered entities’ security risk analysis process and support their organization’s security compliance.

“The SRA Tool takes you through each HIPAA Security Rule requirement by presenting a series of questions about your organization’s activities,” wrote Brice and Heesters in an October 13 blog. “Your ‘yes’ or ‘no’ answer will show you if you need to take corrective action for that particular item.”

They say the updated SRA Tool is easier to use and includes the following features:

  • Compatibility with additional versions of Windows—Windows 8.0, 8.1, and 10.
  • A “save as” feature that lets users save their assessment to a different location, or share it with colleagues.
  • Reporting improvements that upgrade the look and functionality of PDF reports while giving users more options for what they can include in the report.

Brice and Heesters recommend that covered entities conduct risk assessments on an annual basis. The updated SRA Tool and revised user guide are available here.

“The SRA Tool is a self-contained, operating system (OS) independent application that can be run on various environments, including Windows OS’s for desktop and laptop computers and Apple’s iOS for iPad only,” adds ONC’s website. “The iOS SRA Tool application for iPad, available at no cost, can be downloaded from Apple’s App Store.”

For reprint and licensing requests for this article, click here.