USA: HIPAA Security Risk Assessment Tool updated
On September 13, 2023, the Office of the National Coordinator for Health Information Technology (ONC) published the updated Security Risk Assessment (SRA) Tool v3.4 under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. In particular, the SRA Tool is designed to help covered entities and business associates subject to the HIPAA Security Rule to identify and assess risks and vulnerabilities to the confidentiality, integrity, and availability of protected health information (PHI). More specifically, the SRA Tool is targeted toward medium and small healthcare providers conducting risk analyses and implementing technical, physical, and administrative safeguards to protect electronic personal health information (ePHI).
Updates to the SRA Tool include further information from Health Industry Cybersecurity Practices (HICP) and a remediation report, among other things. The remediation report provides a place for responses to risk to be recorded, though the use of the remediation report within the Tool is optional.