Revenue Cycle Management Blog | GroupOne Health Source

New ONC Security Risk Assessment Tool Offers Help with HIPAA

Written by Kaitlyn Houseman | April 2, 2014

On Friday, the Office of the National Coordinator for Health IT released a new tool to help small- and medium-sized health care providers assess their information security risks, Modern Healthcare reports (Landen, Modern Healthcare, 3/28).


The security risk assessment, or SRA, tool was first introduced in February at a session of the Healthcare Information and Management Systems Society's 2014 conference.

It is ONC's first mobile application and will help health care organizations document that they have considered security risks (Gold, FierceHealthIT, 3/28).  

Details of Tool

The no-cost tool -- which can be downloaded to both Windows and Apple iOS operating systems -- includes:

  • 156 questions to guide health care organizations through each HIPAA requirement;
  • Storage for answers, comments and risk remediation plans; and
  • The ability to produce a report that can be submitted to auditors.

According to Modern Healthcare, use of the tool is not required under HIPAA, but it will help organizations comply with the law (Modern Healthcare, 3/28).

ONC will be taking public comments on the SRA tool until June 2 (Ouellette, Health IT Security, 3/28).

Comments From DeSalvo

In a statement, National Coordinator for Health IT Karen DeSalvo said, "Protecting patients' protected health information is important to all health care providers, and the new tool we are releasing ... will help them assess the security of their organizations."

She added, "The SRA tool and its additional resources have been designed to help health care providers conduct a risk assessment to support better security for patient health data" (McCann,Healthcare IT News, 3/28).