HIPPA security? There’s an app for that
Lena Kauffman | April 02, 2014 | Health Exec | Digital Transformation

The U.S. Department of Health and Human Services (HHS) has released a free app to help small to medium-sized outpatient healthcare providers conduct required security risk assessments.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires all organizations that handle protected health information (PHI) to conduct regular reviews of their administrative, physical and technical security measures that safeguard this information. In addition conducting a security risk assessment is a core requirement that providers must meet in order to receive payments through the Medicare and Medicaid EHR Incentive Program, aka the Meaningful Use program.

However, smaller practices typically do not have an internal risk department dedicated to conducting these types of reviews and generating reports that can be given to government auditors. The HHS app is designed to be one option for filling this gap, but is not required by the HIPAA Security Rule.

The security and risk assessment app was developed in collaboration with the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR), and according to HHS, it allows practices to “conduct and document a risk assessment in a thorough, organized fashion at their own pace.”

HHS refers to its app as an SRA tool, and notes that it is available for both Windows operating systems and iOS iPads. Download the Windows version at http://www.HealthIT.gov/security-risk-assessment and the iOS iPad version from the Apple App Store. (Search the Apple App Store for the “HHS SRA tool.”)

Other online resources include a User Guide and Tutorial video on the SRA tool’s website, as well as videos on risk analysis and contingency planning.

A government report release earlier this year on the public’s perception of the security of electronic health records and how that correlated with the withholding of information from healthcare providers revealed the vested interest the government has in helping healthcare providers secure patient information. If patients lose confidence in the security of their personal healthcare information, much of the government’s efforts in advancing EHR adoption and interoperability might be wasted. (Read our report here.)

The ONC is asking that those who download and use the tool help them improve future versions by providing feedback on this version. Public comments on the SRA tool can be left at http://www.HealthIT.gov/security-risk-assessment between now and June 2, 2014.

Lena Kauffman,

Contributor

Lena Kauffman is a contributing writer based in Ann Arbor, Michigan.

Related Content

10 things you may have suspected about AI but didn’t know for sure till now
Physicians are embracing clinical GenAI—in theory, at least
Submitted for consideration by all healthcare AI stakeholders: 10 principles, 6 commitments, 1 direction
The well for AI training data is running dry. Big Tech heavyweights are taking extraordinary measures to deal with the drought.
GenAI-focused market researchers: ‘The payer–provider divide is wide and has dangerous implications’
Ready and willing but not yet able: America’s schools staring down GenAI

Design by Adaptive Theme
Trimed Popup
Trimed Popup