A free HIPAA Security Risk Assessment tool from HHS? Finally ONC, in collaboration with the HHS Office for Civil Rights (OCR) and the HHS Office of the General Counsel (OGC), has offered a free service for covered entity’s to address the Stage 1. Risk Assessment requirements to Meaningful Use core measure 15. Covered Entities and Business Associates have struggled from inception to address HIPAA requirements. The outcry for free education and tools from the healthcare market to comply with the ever-evolving HIPAA rules and regulations have started to be answered. This is the first step of hopefully many where the government is providing help and not just additional compliance burdens on Covered Entities and Business Associates. This allows cash and resource strapped Covered Entities and Business Associates to focus efforts on the real meaning of HIPAA. Protecting personal health information (PHI).
The Security Risk Assessment Tool’s (SRA Tool) overall look and feel is simple yet intuitive and is exactly what covered entities have been looking for. Other great features are a glossary of key terms, things to consider, threats and vulnerabilities, and examples of safe guards. Lastly you can easily export your findings via excel or PDF to your internal compliance tracking efforts.
We applaud the efforts of HHS to address the Stage 1. Risk Assessment issue. Will there be a Stage 2? How is HHS going to help the overburdened Covered Entities and Business Associates address the issues of total HIPAA compliance, such as vendor management, remediation management, policies and procedures, employee attestation, and training logs.
Only time will tell.