HIPAA app designed to help practices conduct risk analyses

April 2, 2014

A new security risk assessment (SRA) app designed to help small- to medium-sized practices conduct risk assessments of their organizations is now available for download from the U.S. Department of Health and Human Services (HHS).

The app is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

The application, available for downloading at the HealthIT website, also produces a report that can be provided to auditors.

HIPAA requires physicians to regularly conduct SRAs, which involve comprehensive reviews of the administrative, physical, and technical safeguards they have in place to protect patient information. An SRA gives healthcare providers an opportunity to discover vulnerabilities in their security policies, processes, and systems in order to prevent data breaches. The SRA is also a core requirement for providers seeking meaningful use.

Since September 2009, there have been more than 900 large health breaches impacting more than 30.6 million U.S. residents, according to an analysis of breach data by GovInfoSecurity.

“Protecting patients’ protected health information is important to all health care providers and the new tool we are releasing today will help them assess the security of their organizations,” said Karen DeSalvo, M.D., national coordinator for health information technology, in a news release. “The SRA tool and its additional resources have been designed to help health care providers conduct a risk assessment to support better security for patient health data.”

The app website includes a user guide and tutorial video to help providers begin using the tool.

The tool is available for both Windows operating systems and Apple’s iOS. Download the Windows version at: http://www.healthit.gov/security-risk-assessment. The iOS iPad version is available from the Apple app store (HHS suggests searching “HHS SRA tool” to find the app).

The ONC is seeking user feedback. Public comments on the SRA tool will be accepted at the HealthIT website until June 2, 2014. 
