Last Updated: Sep 22, 2020
In September 2020, the HHS Office of the National Coordinator for Health Information Technology and the HHS Office for Civil Rights releases the newest version of their online Security Risk Assessment (SRA) Tool.
The latest version of the SRA Tool includes enhancements such as improved navigation throughout the assessment sections, export options for reports, and enhanced user interface scaling.
Get the SRA Tool
The SRA Tool is designed for small to medium size practices, although a practice of any size can utilize the tool. It offers features like a progress tracker, threats and vulnerabilities rating, detailed reports, and business associate and asset tracking.
System Requirements: The SRA Tool is available for Windows computers and laptops. There is also a previous Pad version of the tool available through Apple’s App Store (search under “HHS SRA Tool.”). The SRA Tool is not available for MAC OS.
Why Should a Health Care Organization Conduct Security Risk Assessments (SRAs)?
- Security risk assessments help health care organizations prevent data breaches and protect patients’ health information.
- These assessments are necessary for HIPAA Security Rule compliance. Note that although the HIPAA Security Rule does not specify how frequently to perform a risk analysis, the rule states that the process should be ongoing.
- For clinicians participating in the Medicare program’s Merit-based Incentive Payment System (MIPS), the completion of a security risk analysis is required for the Promoting Interoperability performance category.
A Security Risk Assessment Tool User Guide is available at HealthIT.gov here.
The Pennsylvania Medical Society’s offers a Quick Consult fact sheet with 8 ways your practice can strengthen its ability to withstand a cyber attack. Get the Cybersecurity Fact Sheet.
PAMED members with questions can also contact our Knowledge Center at (800) 228-7823 or KnowledgeCenter@pamedsoc.org.