On March 28, 2014, the U.S. Department of Health and Human Services launched a new security risk assessment (SRA) tool to help health care providers in small- to medium-sized offices conduct risk assessments of their organizations in order to comply with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.   

The HIPAA Security Rule requires covered entities to safeguard the confidentiality, integrity and availability of electronic protected health information (“PHI”).  One component of the Security Rule is the requirement that covered entities conduct a risk analysis, which is defined as an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI.  According to HHS, the new SRA tool is specifically designed to help providers meet this obligation. 

The new tool is available for downloading here and is compatible with both Windows operating systems and iOS iPads.  More information regarding the tool can be found on the HHS website.