Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: HIPAA Security Risk Assessment Tool updated

On September 13, 2023, the Office of the National Coordinator for Health Information Technology (ONC) published the updated Security Risk Assessment (SRA) Tool v3.4 under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. In particular, the SRA Tool is designed to help covered entities and business associates subject to the HIPAA Security Rule to identify and assess risks and vulnerabilities to the confidentiality, integrity, and availability of protected health information (PHI). More specifically, the SRA Tool is targeted toward medium and small healthcare providers conducting risk analyses and implementing technical, physical, and administrative safeguards to protect electronic personal health information (ePHI).

Updates to the SRA Tool include further information from Health Industry Cybersecurity Practices (HICP) and a remediation report, among other things. The remediation report provides a place for responses to risk to be recorded, though the use of the remediation report within the Tool is optional.

You can access the SRA Tool here and the SRA Tool User Guide here.