An updated Security Risk Assessment Tool aims to help providers and business associates identify risks to electronic protected heath information.
The tool, created by the HHS Office of the National Coordinator for Health Information technology and the Office for Civil Rights, is designed for practices with up to 10 providers, along with their business associates, to understand their security posture and prevent data breaches.
Using the tool, providers and business associates can conduct an enterprisewide risk analysis covering the confidentiality, integrity and availability of electronic health information across all lines of business, in all facilities and in all locations, according to the agencies.
Features in the tool include an enhanced user interface, custom assessment logic (intelligence added by the user and added into the design), a progress tracker, improved threats and vulnerability ratings and business associate and asset tracking.
The tool also has question branching logic that changes what question a respondent sees next based on how they answered the current question.
The User Guide also has been updated to better help organizations get started. Information entered into the Security Risk Assessment tool is stored on the users’ computer or tablet, and HHS does not receive, collect, view, store or transmit any information entered in the tool. More information is available here.