Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.
On March 28, 2014, the U.S. Department of Health and Human Services launched a new security risk assessment (SRA) tool to help health care providers in small- to medium-sized offices conduct risk assessments of their organizations in order to comply with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
The HIPAA Security Rule requires covered entities to safeguard the confidentiality, integrity and availability of electronic protected health information (“PHI”). One component of the Security Rule is the requirement that covered entities conduct a risk analysis, which is defined as an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI. According to HHS, the new SRA tool is specifically designed to help providers meet this obligation.
For more information regarding HIPAA’s privacy requirements, including the HIPAA Security Rule, click here.