The HHS has updated its HIPAA Security Risk Assessment Tool and has added several new features that have been requested by users to improve usability.
The HIPAA Security Risk Assessment Tool was developed by the HHS Office of the National Coordinator for Health Information Technology (ONC) in collaboration with the HHS’ Office for Civil Rights.
The Security Risk Assessment Tool can help small to medium sized healthcare organizations conduct a comprehensive, organization-wide risk assessment to identify all risks to the confidentiality, integrity, and availability of protected health information (PHI).
By using the tool, healthcare organizations will be able to identify and assess risks and vulnerabilities and use that information to improve their defenses against malware, ransomware, viruses, botnets and other types of cyberattack.
The risk assessment is a foundational element of compliance with the Health Insurance Portability Act Security Rule. By conducting a risk assessment, healthcare organizations can identify areas where PHI may be at risk. Any risks can then be assessed, prioritized, and reduced to a reasonable and acceptable level.
Since its initial release, the tool has been updated several times to improve usability and add additional functions. The latest version of the Risk Assessment Tool – Version 3.1 – has been released to coincide with National Cybersecurity Awareness Month and includes several user-requested improvements:
- Threat and vulnerability validation
- Incorporation of NIST Cybersecurity Framework references
- Improved asset and vendor management
- Question flagging and a new Flagged Report
- Ability to export Detailed Reports to Excel
- Fixes for several reported bugs to improve stability
The tool can be downloaded from the HHS for Windows devices, although the latest version is not available for Mac OS.
The HHS points out that the tool is only as useful as the work that goes into conducting and documenting a risk assessment. Use of the tool does not guarantee compliance with the risk assessment requirements of the HIPAA Security Rule and will only help HIPAA-covered entities and their business associates conduct periodic risk assessments.
The post HHS Releases Updated HIPAA Security Risk Assessment Tool appeared first on HIPAA Journal.