Listen to this post

On September 13, 2023, the National Coordinator for Health Information Technology (“ONC”) and the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services released version 3.4 of the Security Risk Assessment (“SRA”) Tool under the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule.

The HIPAA Security Rule requires HIPAA covered entities to perform a risk assessment to identify and evaluate potential risks and vulnerabilities associated with the processing of electronic protected health information. The SRA is designed to assist small- and medium-sized covered entities with conducting the risk analyses required under the HIPAA Security Rule.

The latest version of the SRA Tool introduces a number of new features, including a glossary, updated references to the latest edition of the Health Industry Cybersecurity Practices, and a remediation report for tracking and recording responses. The SRA tool is available through the ONC’s website.