On Oct. 30, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) announced the release of a new downloadable version (3.1) of the HHS Security Risk Assessment (SRA) Tool to help HIPAA covered entities and business associates assess risks to the confidentiality, integrity and availability of electronic protected health information (ePHI).
Enterprise-wide risk assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI (also known as risk analysis) is essential for HIPAA covered entities and business associates. In fact, it was recently identified as one of the most prevalent HIPAA violations and should be conducted and updated regularly.
A wide range of health care organizations are likely to find the SRA Tool useful in navigating the challenges of conducting and regularly updating its risk assessment. OCR and ONC identify small and medium sized health care organizations as the target audience and tout functionality updates and new features in this version.
For more information, please contact the attorney listed below.