CSG Law Alert: TPDI Healthcare Focus: Updated Version of HIPAA Security Risk Assessment Tool

The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), recently released an updated version (Version 3.4) of the Security Risk Assessment Tool (SRA Tool).  The Security Rule under the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities and their business associates to conduct a risk assessment to identify any compliance gaps and ensure they are properly securing protected health information.  The risk assessment must be documented and is a material element of HIPAA compliance. The SRA Tool can be especially helpful to smaller entities with limited resources that may not be able to hire third parties to conduct their risk assessment.  The SRA Tool is available at https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.