Going through a risk assessment is tough, and when you’re in healthcare, it can be even more difficult. How do you meet the requirements for both HIPAA’s Security Rule and the Centers for Medicare and Medicaid Service’s Electronic Health Record (EHR) Incentive Program? Fortunately, the professionals at HealthIT.gov have developed a handy Security Risk Assessment (SRA) Tool to assist you in doing just that. Here are some details on the tool as a whole and changes that have taken place in the latest update.
The Updated SRA Tool
The SRA tool was designed as a downloadable means to allow healthcare systems to test their IT and EHR infrastructure for security issues. Because it’s stored locally, it doesn’t allow the Department of Health and Human Services to receive, collect, view, store or transmit any information entered into the tool. Local storage acts as protection from the federal government’s IT infrastructure security breaches which have occurred over the years. Once your system has been assessed, you’re provided with reports that outline existing risks due to policies, processes and systems. The tool also provides methods to mitigate the identified risks. It’s designed specifically for small and medium-sized providers, and may not be appropriate for larger healthcare systems.
The updated version was released in October 2018 to make it easier to use while expanding its application to risks in confidentiality, integrity and availability of healthcare information. The tool is now able to diagram the HIPAA Security Rule safeguards while delivering enhanced functionality, allowing for easier documentation of the methods, practices and processes your organization uses to safeguard against identified risks. The update is currently only available for Windows-based systems, but the previous iPad version is still available through the Apple Store by searching under “HHS SRA Tool”.
The update includes a wide range of new features designed to make the tool more user friendly. These features include an enhanced user interface, a modular workflow to make it easier to break up tasks, a customized assessment logic system to improve result accuracy, and a progress tracker for tasks. Additionally, threats and vulnerabilities ratings, detailed reporting, business associate and asset tracking are included for an overall improvement to the user experience.
If you already use the SRA tool, but haven’t updated to the new version, you can transfer certain portions of data to the newest version to take advantage of the updates. However, there is no way to directly transfer all of your existing data. A new user guide has been prepared to make this data migration process as easy as possible, and can be found at the link below.
By staying on top of your healthcare IT security with the SRA Tool, you can ensure that your patient’s EHR records remain secure. Find the tool’s latest version downloads and user guides here.