HHS HIPAA Risk Assessment Tool Released

Apr 10, 2014

Carrying out an in-depth risk assessment is a requirement under the HIPAA Security Rule; however, it can be a complex process, calling for all potential security weaknesses to be identified. The process can be a major task for any organization, especially when the penalties for non-compliance are so harsh.

As per the Security Rule, HIPAA-covered entities are required to complete a risk assessment to determine any potential vulnerabilities and take the appropriate actions to minimize and, as far as is possible, eliminate data security weaknesses. Incorporating the necessary security measures, software systems and data encryption services is essential under HIPAA regulations in order to keep electronic health records private and confidential.

The HHS realizes the challenges faced by healthcare organizations and has developed a tool to help organizations conduct thorough risk analyses and ensure they are fully HIPAA-compliant. Any organization about to complete a risk analysis under HIPAA should use the new tool provided by the HHS on its website.

The tool walks the user through a series of questions which need to be addressed as part of the risk assessment, with a step-by-step approach taken to ensure no important areas are missed. According to the HHS, the tool will not only help to reveal any security risk that exists, but it will also help organizations gain a better comprehension of their IT security systems as a complete body.

The new tool is a standalone application which is compatible with Windows PCs and laptops, while iPad users can download it from the Apple App Store.

The tool asks 156 questions, which allow the user to discover any areas that require immediate attention and correction. The tool incorporates supplemental information to help the user answer the questions accurately and provides help to explain the context of each question and the potential impact on PHI records.

The SRA Tool User Guide is downloadable from the HHS website. For information on using the application tool visit: http://www.healthit.gov/providers-professionals/security-risk-assessment-tool.

The use of the tool is not a necessity under the HIPAA Security Rule and it is not a definitive source of guidance on HIPAA compliance, which should be obtained from the Health Information Privacy section of the HHS Office for Civil Rights website.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:
