Monday, November 25, 2019

Failure to do risk assessment most common HIPAA violation


PARCA eNews – Oct. 30, 2019 – Failure to conduct a risk assessment as required by HIPAA is among the most common cybersecurity violations healthcare organizations are charged with, according to the Office for Civil Rights.

Recognizing that organizations often struggle with compliance, the Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), has released an updated downloadable Security Risk Assessment (SRA) tool free to healthcare organizations.


The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program.

The tool offers users a way to systematically gather the information and data needed to assess their cybersecurity weaknesses. It helps users identify potential threats and vulnerabilities to electronic personal health information, review all electronic devices that carry personal health information, and assess overall security risks on a routine basis, and it assists with compliance with HIPAA Security Rule requirements.

Originally released in 2018, the updated tool is designed to be more user-friendly, with new features including:

  • Modular workflow
  • Custom assessment logic
  • Progress tracker
  • Threats & vulnerabilities rating
  • Detailed reports
  • Business associate and asset tracking
  • Overall improvement of the user experience


The online tool can be downloaded at the HHS site. A paper-based version of the SRA 2.0 tool is also available:

https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool

Sources: HealthIT Buzz and HealthIT press release
