This article was updated on 7/24/2019.

The HHS Office for Civil Rights (OCR) hosted a webinar titled Security Risk Assessment Tool Overview and User Feedback Session on July 17 in an effort to help small- and medium-sized health care providers learn about the Security Risk Assessment Tool (SRA Tool) to evaluate their security measures against the growing number of security risks.

A risk assessment is a necessary part of handling medical records and other protected health information for health care entities and business associates to maintain compliance with the administrative, physical, and technical safeguards associated with the Health Insurance Portability and Accountability Act (HIPAA).

The SRA Tool is software developed the Office of the National Coordinator for Health Information Technology (ONC) and the OCR to assist in the effort to uncover potential security threats facing health care entities and their business associates. The software is available for Windows computers and laptops, along with an app for iPads.

The tool is designed to assist small to medium organizations in conducting an internal security risk assessment to aid in meeting the security risk analysis requirements of the HIPAA Security Rule and the CMS EHR Incentive Program. More specifically, the software safeguards and provides enhanced functionality to document how your organization implements safeguards to mitigate, or plans to mitigate, identified risks.

Webinar slides are available to view on the ONC website. We will update this post when a recording of the webinar is available.

Tricia L. Hoffman-Simanek
Tricia Hoffman-Simanek is an Attorney and Senior Vice President at Shuttleworth & Ingersoll, P.L.C. Her legal work focuses on the area of litigation, which includes but is not limited to, professional malpractice, long term care litigation, insurance defense, and other health law litigation.