HHS HIPAA Risk Assessment Tool Released

Apr 10, 2014

Carrying out an in-depth risk assessment is a requirement under the HIPAA Security Rule; however, it can be a complex process calling for all potential security weaknesses to be identified. The process can be a major task for any organization, especially when the penalties for non-compliance are so harsh.

As per the Security Rule, HIPAA-covered entities are required to complete a risk assessment to determine any potential vulnerabilities and take the appropriate actions to minimize and, as far as is possible, eliminate data security weaknesses. Incorporating the necessary security measures, software systems and data encryption services is essential under HIPAA regulations in order to keep electronic health records private and confidential.

The HHS realizes the challenges faced by healthcare organizations and has developed a tool to help organizations conduct thorough risk analyses and ensure they are fully HIPAA-compliant. Any organization about to complete a risk analysis under HIPAA should use the new tool provided by the HHS on its website.

The tool walks the user through a series of questions that need to be addressed as part of the risk assessment, taking a step-by-step approach to ensure no important areas are missed. According to the HHS, the tool will not only help to reveal any security risk that exists, but it will also help organizations gain a better comprehension of their IT security systems as a whole.

The new tool is a standalone application which is compatible with Windows PCs and laptops, while iPad users can download it from the Apple App Store.

The tool asks 156 questions, which allow the user to discover any areas that require immediate attention and correction. The tool incorporates supplemental information to help the user answer the questions accurately and provides help to explain the context of each question and the potential impact on PHI records.

The SRA Tool User Guide is downloadable from the HHS website. For information on using the tool, visit: http://www.healthit.gov/providers-professionals/security-risk-assessment-tool.

Use of the tool is not a requirement under the HIPAA Security Rule, and it is not a definitive source of guidance on HIPAA compliance, which should be obtained from the Health Information Privacy section of the HHS Office for Civil Rights website.

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations.