The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a risk assessment of their healthcare organization. A risk assessment helps your organization ensure it is compliant with HIPAAs administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organizations protected health information (PHI) could be at risk.
The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), developed a downloadable Security Risk Assessment (SRA) Tool to help guide you through the process. The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program.