Security Risk Assessment Tool HealthITgov

pppppppppppppppppThe Health Insurance Portability and Accountability Act HIPAA Security Rule requires that covered entities and its business associates conduct a risk assessment of their healthcare organization A risk assessment helps your organization ensure it is compliant with HIPAAs administrative physical and technical safeguards A risk assessment also helps reveal areas where your organizations protected health information PHI could be at risk To learn more about the assessment process and how it benefits your organization visit the Office for Civil Rights official guidanceppThe Office of the National Coordinator for Health Information Technology ONC in collaboration with the HHS Office for Civil Rights OCR developed a downloadable Security Risk Assessment SRA Tool to help guide you through the process The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule The target audience of this tool is medium and small providers thus use of this tool may not be appropriate for larger organizationsppThe SRA Tool is a desktop application that walks users through the security risk assessment process using a simple wizardbased approach Users are guided through multiplechoice questions threat and vulnerability assessments and asset and vendor management References and additional guidance are given along the way Reports are available to save and print after the assessment is completedppThis application can be installed on computers running 64bit versions of Microsoft Windows 781011 All information entered into the tool is stored locally on the users computer HHS does not collect view store or transmit any information entered into the SRA ToolppDownload Version 35 of the SRA Tool for Windows msi 942 MBppThis version of the SRA Tool takes the same content from the Windows desktop application and presents it in a familiar spreadsheet format The Excel Workbook contains conditional formatting and formulas to calculate and help identify risk in a similar fashion to the SRA Tool application This version of the SRA Tool is intended to replace the legacy Paper Version and may be a good option for users who do not have access to Microsoft Windows or otherwise need more flexibility than is provided by the SRA Tool for WindowsppThis workbook can be used on any computer using Microsoft Excel or another program capable of handling xlsx files Some features and formatting may only work in ExcelppDownload Version 35 of the SRA Tool Excel Workbook xlsx 140 KBppDownload the SRA Tool User Guide for FAQs and details on how to install and use the SRA Tool application and SRA Tool Excel WorkbookppDownload SRA Tool v35 User Guide pdf 23 MBppThe Security Risk Assessment Tool at HealthITgov is provided for informational purposes only Use of this tool is neither required by nor guarantees compliance with federal state or local laws Please note that the information presented may not be applicable or appropriate for all health care providers and organizations The Security Risk Assessment Tool is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks For more information about the HIPAA Privacy and Security Rules please visit the HHS Office for Civil Rights Health Information Privacy websiteppNOTE The NIST Standards provided in this tool are for informational purposes only as they may reflect current best practices in information technology and are not required for compliance with the HIPAA Security Rules requirements for risk assessment and risk management This tool is not intended to serve as legal advice or as recommendations based on a provider or professionals specific circumstances We encourage providers and professionals to seek expert advice when evaluating the use of this toolppOpen Surveypp ppPlease leave any questions comments or feedback about the SRA Tool using our Health IT Feedback Form This includes any trouble in using the tool or problemsbugs with the application itself Also please feel free to leave any suggestions on how we could improve the tool in the futureppYou may also leave a message with our Help Desk by contacting 7343024717 or sending email to SRAHelpDeskAltarumorgppONC held two webinars with a training session and overview of the Security Risk Assessment SRA Tool 35 The slides for these sessions are posted below and a recording of the webinar is also available pppp2024 Webinar Slides PDF 491MBp