HIPAA requires covered entities to conduct a risk assessment to ensure compliance with HIPAA’s security standards. A risk assessment helps identify where an organization could be putting protected health information (PHI) at risk. The goal of a risk assessment is to implement technical, physical and administrative safeguards to protect electronic protected health information.
The U.S. Department of Health and Human Services (HHS) has supported an interactive Security Risk Assessment Tool since 2014 to help covered entities maintain HIPAA compliance. This Tool has now been upgraded from Word documents to a software application that can be downloaded for use. The Risk Assessment Tool covers risk assessment basics; security policies, procedures and documentation, access management and workforce training; technical processes; physical processes; business associates; and contingency plans.
The Risk Assessment Tool is drafted primarily for small and medium-sized health care providers but may be used by all covered entities and business associates.
To access a copy of the Security Risk Assessment Tool, click here.