HHS Updates It's HIPAA Securty Risk Assessment Tool

On October 30, 2019, the Department of Health and Human Services (HHS) announced the release of version 3.1 of the HHS Security Risk Assessment (SRA) Tool.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a risk assessment of their organization. A risk assessment helps the organization ensure it is compliant with HIPAA's administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where an organization's protected health information (PHI) could be at risk.

The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), developed a downloadable Security Risk Assessment (SRA) Tool to help guide small and medium sized health care organizations through the process. It is designed to assist organizations in their efforts to assess security risks and help reduce the chance of being impacted by malware, ransomware, and other cyberattacks.

The 3.1 version of the SRA Tool includes functionality updates based on public input. New features include:

• Threat and vulnerability validation;
• Improved asset and vendor management (multi-select and delete functions added);
• Incorporation of NIST Cybersecurity Framework references;
• Capability to export the Detailed Report to Excel;
• Addition of question flagging and a Flagged Report; and
• Bug fixes and improved stability.

Download the 3.1 version of the SRA Tool and its User Guide at https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.

Trusiak Law can assist you in implementing measures to comply with the HIPAA security risk assessment requirement as well as other HIPAA requirements. It will be done under attorney client privilege to protect you.