HIPAA security? There’s an app for that

The U.S. Department of Health and Human Services (HHS) has released a free app to help small to medium-sized outpatient healthcare providers conduct required security risk assessments.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires all organizations that handle protected health information (PHI) to conduct regular reviews of the administrative, physical and technical security measures that safeguard this information. In addition, conducting a security risk assessment is a core requirement that providers must meet in order to receive payments through the Medicare and Medicaid EHR Incentive Program, aka the Meaningful Use program.

However, smaller practices typically do not have an internal risk department dedicated to conducting these types of reviews and generating reports that can be given to government auditors. The HHS app is designed to be one option for filling this gap, but is not required by the HIPAA Security Rule.

The security and risk assessment app was developed in collaboration with the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR), and according to HHS, it allows practices to “conduct and document a risk assessment in a thorough, organized fashion at their own pace.”

HHS refers to its app as an SRA tool, and notes that it is available for both Windows operating systems and iOS iPads. Download the Windows version at http://www.HealthIT.gov/security-risk-assessment and the iOS iPad version from the Apple App Store. (Search the Apple App Store for the “HHS SRA tool.”)

Other online resources include a User Guide and Tutorial video on the SRA tool’s website, as well as videos on risk analysis and contingency planning.

A government report released earlier this year examined the public’s perception of the security of electronic health records and how that correlated with the withholding of information from healthcare providers. It revealed the vested interest the government has in helping healthcare providers secure patient information. If patients lose confidence in the security of their personal healthcare information, much of the government’s efforts in advancing EHR adoption and interoperability might be wasted. (Read our report here.)

The ONC is asking that those who download and use the tool help them improve future versions by providing feedback on this version. Public comments on the SRA tool can be left at http://www.HealthIT.gov/security-risk-assessment between now and June 2, 2014.

Lena Kauffman,

Contributor

Lena Kauffman is a contributing writer based in Ann Arbor, Michigan.
