Updated Security Risk Assessment Tool Can Help Practices Meet HIPAA & MIPS Requirements

Last Updated: Oct 26, 2018

Why should a health care organization conduct security risk assessments (SRAs)?

  1. Security risk assessments help health care organizations prevent data breaches and protect patients’ health information.
  2. These assessments are necessary for HIPAA Security Rule compliance.
  3. For clinicians participating in the Medicare program’s Merit-based Incentive Payment System (MIPS), a security risk analysis is a required base measure for the Promoting Interoperability performance category.

If you’re part of a small or medium-sized practice with up to ten health care providers, there is a free online SRA Tool you can use to conduct SRAs. That SRA Tool has been updated with new features such as a progress tracker, threats and vulnerabilities rating, detailed reports, and business associate and asset tracking.

The revised SRA Tool was released by the HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) in October 2018.

Get the SRA Tool 

The new SRA Tool is available for Windows computers and laptops. There is also a previous iPad version of the tool available through Apple’s App Store (search under “HHS SRA Tool”).

Additional Resources

A Security Risk Assessment Tool User Guide is available at HealthIT.gov.

You can find the Pennsylvania Medical Society’s (PAMED) HIPAA resources – including our HIPAA Security Toolkit and Notice of Privacy Practices example – online at www.pamedsoc.org/HIPAA. PAMED members with questions can also contact our Knowledge Center at 855-PAMED4U (855-726-3348) or KnowledgeCenter@pamedsoc.org.

