U.S. Department of Health & Human Services (HHS) has released a new Security Risk Assessment (SRA) tool to help health care providers in small-to-medium sized offices conduct risk assessments of their organizations.
The SRA Tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment to evaluate potential security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
The application, available for downloading at www.HealthIT.gov/security-risk-assessment, also produces a report that can be provided to auditors. The webpage contains a User Guide and Tutorial video to help providers begin using the tool.
Security Risk Assessment for Meaningful Use
Conducting and reviewing a security risk assessment is not only a key requirement of the HIPAA Security Rule, but is also a core objective for providers participating in the Medicare and Medicaid EHR Incentive Programs.
The CMS Security Risk Analysis Tipsheet helps providers understand:
- Steps for conducting a security risk analysis
- How to create an action plan
- Security areas to be considered and their corresponding security measures
- Myths and facts about conducting or reviewing a security risk analysis
Be sure to review the steps and conduct or review the analysis. It is required in both stages of meaningful use to receive an incentive payment.
SRA Tool Feedback
ONC is requesting that users provide feedback on the new SRA Tool. Public comments on the SRA Tool will be accepted until June 2, 2014.
For more information about the requirements for meaningful use, visit the EHR Incentive Programs website.