Using the HIPAA Security Risk Assessment Tool


If questions about whether your organization is HIPAA compliant are keeping you up at night, get some much-needed rest by using the HIPAA Security Risk Assessment Tool (SRA) provided by the Office of the National Coordinator for Health Information Technology (ONC). The online tool, on which the ONC collaborated with the HHS Office for Civil Rights (OCR) and the HHS Office of the General Counsel (OGC), isn’t a HIPAA requirement. It’s simply a free tool that will walk providers and professionals through HIPAA requirements and assist them in performing risk assessments and developing remediation strategies.

Is Entering Sensitive Information into an Online Tool Risky?

It’s not, because the online tool isn’t a cloud service. It is a downloadable, self-contained application, meaning it remains on your desktop and is not accessible to anyone but you. It can be downloaded on desktops and laptops running Windows, and there’s a version for iPhones and iPads running Apple’s iOS that is available free from Apple’s App Store. If using an electronic version isn’t an option for you, there is a paper-based version as well.

How Does It Work?

The online tool is very comprehensive and takes the user through each of HIPAA’s 156 requirements by presenting “yes” or “no” questions that help determine which areas are compliant and which need to be addressed. Each question provides assistance that includes:

  • A clear definition of the context of the question,
  • Potential impacts to your organization if that requirement isn’t met, and
  • Associated safeguard language of the HIPAA Security Rule.

Each question offers a notepad where you can provide risk remediation plans and enter comments and notes.

How Long Does It Take to Utilize the Online Tool?

That depends on you. The tool is comprehensive and, considering the information will help determine if your organization is HIPAA-compliant, should be given the time and attention it deserves. Results can be saved in printable PDF or Excel formats; color-coded graphics are included in the Windows version only.

HIPAA compliance is critical for healthcare providers and professionals. The ONC’s online tool is a helpful resource to have for reference, but it should not be the only method used to ensure HIPAA compliance. It is best to consult an experienced, board-certified health law attorney like Larry “Max” Maxwell for a thorough HIPAA compliance review on a regular basis.

October 13th, 2017 | Categories: Compliance, Hospital Law Practice, Physician Law Practice