HHS releases tech tool to assess health IT security risks
Posted: March 28, 2014 - 2:00 pm ET
HHS released a new tool Friday to help healthcare providers assess their information security risks.
Developed by the HHS Office of the National Coordinator for Health Information Technology and the Office for Civil Rights, the security risk assessment tool is designed to help small- to medium-sized clinician offices conduct and document a risk assessment for their organization at their own pace under the Health Insurance Portability and Accountability Act security rule.
The application, which is available at no cost for download to both Windows operating systems and Apple iPads, includes 156 questions to guide organizations through each HIPAA requirement. Though the tool simply stores answers, comments and risk remediation plans—it does not send the data anywhere—the program does produce a report that can be submitted to auditors.
The security risk assessment tool is not a requirement under HIPAA, but it does help organizations comply with the HIPAA mandate that health plans, healthcare clearinghouses and most healthcare providers review their security policies, processes and systems. It's designed to be a way to uncover and address vulnerabilities that could open an organization up to data breaches or adverse security events affecting patient health data. The security risk assessment is also a requirement for providers under the Medicare and Medicaid Electronic Health Records Incentive Programs, more commonly referred to as meaningful use.