Last Updated: Oct 26, 2018
Why should a health care organization conduct security risk assessments (SRAs)?
- Security risk assessments help health care organizations prevent data breaches and protect patients’ health information.
- These assessments are necessary for HIPAA Security Rule compliance.
- For clinicians participating in the Medicare program’s Merit-based Incentive Payment System (MIPS), a security risk analysis is a required base measure for the Promoting Interoperability performance category.
If you’re part of a small or medium-sized practice with up to ten health care providers, there is a free online SRA Tool you can use to conduct SRAs. That SRA Tool has been updated with new features such as a progress tracker, threats and vulnerabilities rating, detailed reports, and business associate and asset tracking.
The revised SRA Tool was released by the HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) in October 2018.
Get the SRA Tool
The new SRA Tool is available for Windows computers and laptops. There is also a previous iPad version of the tool available through Apple’s App Store (search under “HHS SRA Tool”).
A Security Risk Assessment Tool User Guide is available at HealthIT.gov.
You can find the Pennsylvania Medical Society’s (PAMED) HIPAA resources – including our HIPAA Security Toolkit and Notice of Privacy Practices example – online at www.pamedsoc.org/HIPAA. PAMED members with questions can also contact our Knowledge Center at 855-PAMED4U (855-726-3348) or KnowledgeCenter@pamedsoc.org.