Updated ONC Security Risk Assessment Tool Released

by | Sep 8, 2016

OCR normally settles HIPAA compliance issues through voluntary compliance and non-punitive means, although financial penalties are now becoming more the norm. If OCR investigators find HIPAA violations, financial penalties may be issued. Fines of up to $1.5 million can be pursued for each violation category found.

One of the most common reasons for a financial penalty is the failure to complete a comprehensive, organization-wide risk assessment. The risk assessment is a pivotal requirement of the HIPAA Security Rule – 45 C.F.R. §§ 164.308(a)(1)(ii)(A), and is one of four required implementation specifications in the Security Management Process.

The purpose of the risk assessment is to uncover all potential risks to the confidentiality, integrity, and availability of all ePHI that a covered entity creates, receives, maintains, or transmits. The risk assessment reviews all forms of ePHI, and all devices and systems that touch ePHI.

As was the case with the pilot phase of the HIPAA compliance audits and subsequent PHI breach investigations, small to medium-sized covered entities often struggle with the risk assessment.

To help covered entities comply with this element of the Security Rule, the Office of the National Coordinator for Health Information Technology (ONC), Office of the General Counsel (OGC), and OCR formulated a security risk assessment tool.

The security risk assessment tool developed by the OCR is a self-contained operating system-independent application for Windows devices and iPads. The tool can be utilized to ensure that a risk assessment is conducted in a thorough, organized fashion.

The tool includes 156 questions covering HIPAA requirements in relation to each covered entity’s activities. It is not necessary to use the tool, although it is advisable for small to medium-sized covered entities.

The tool was first released in March 2014, but is regularly updated. This week ONC/OCR has revealed that the tool has been updated with new features including enhanced reporting functions. The new tool also works with Windows 10. An updated paper-based version of the tool has also been made available to covered entities.

The tool can be downloaded for no charge from the Apple App Store or from the HealthIT.gov website.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations.
