Reprinted with permission from Birmingham Medical News
The Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have recently launched a joint HIPAA Security Risk Assessment (SRA) Tool. The tool is designed to assist small and medium-sized health care practices and business associates in complying with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Particularly, the SRA Tool helps entities identify and assess risks and vulnerabilities to their electronic protected health information (ePHI), which can be downloaded at no cost. It is designed to help smaller organizations identify risk and make a plan for remediation and compliance.
All ePHI created, received, maintained, or transmitted by an organization is subject to the HIPAA Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security and integrity of ePHI.
The SRA Tool is a desktop application that walks users through the security risk assessment process…