HHS Releases Updated HIPAA Security Risk Assessment Tool

As cybersecurity threats increase, the need for healthcare providers to conduct periodic security risk assessments as required by the HIPAA Security Rule has become more critical. To assist providers in this task, the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology and Office for Civil Rights recently updated their downloadable Security Risk Assessment (SRA) Tool to make it more user friendly and to add new features, including an enhanced user interface, modular workflow with question branching logic, custom assessment logic, and progress tracker.

The SRA Tool collects data locally from users’ computers or tablets and generates detailed reports to determine risks in policies and processes system-wide. None of the information collected by the tool is sent to HHS. The tool was designed for small- to medium-sized healthcare practices with up to 10 providers, and can also be used by other covered entities and business associates. Use of the tool can help identify risks so that users can implement appropriate security measures to protect patient information.

The updated SRA Tool (Version 3.0) is available only for Windows products and can be downloaded from the HealthIT.gov website, which also has a detailed user guide for the tool. The prior version of the tool for Apple products is still available in the Apple App Store.