The Department of Health and Human Services released an online tool to help mid-sized organizations perform a security risk assessment under HIPAA. Click here to access the tool.
Under HIPAA, groups that have protected health information (PHI) must regularly review the administrative, physical and technical safeguards that they have in place to protect the security of their PHI. Conducting a risk assessment can help identify issues in advance of a data breach, and covered entities are required to undergo a security risk assessment.
The tool is aimed at health care professionals in small to mid-sized offices. It is designed to help employers conduct and document a security risk assessment and assess security risks under HIPAA. The tool produces a report which can be shared with auditors, and it provides a cost-effective way for smaller groups to comply with the HIPAA risk assessment requirement.
The tool includes a user guide and tutorial video. Employers that hold PHI might want to use the tool as a part of a HIPAA compliance program.
