ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool

8 months ago AndyC

Listen to this post

On September 13, 2023, the National Coordinator for Health Information Technology (“ONC”) and the Office for Civil R

ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool
Listen to this post

On September 13, 2023, the National Coordinator for Health Information Technology (“ONC”) and the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services released version 3.4 of the Security Risk Assessment (“SRA”) Tool under the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule.

The HIPAA Security Rule requires HIPAA covered entities to perform a risk assessment to identify and evaluate potential risks and vulnerabilities associated with the processing of electronic protected health information. The SRA is designed to assist small- and medium-sized covered entities with conducting the risk analyses required under the HIPAA Security Rule.

The latest version of the SRA Tool introduces a number of new features, including a glossary, updated references to the latest edition of the Health Industry Cybersecurity Practices, and a remediation report for tracking and recording responses. The SRA tool is available through the ONC’s website.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , ,

More Stories

UK ICO and Ofcom Joint Statement on Regulation of Online Services

UK ICO and Ofcom Joint Statement on Regulation of Online Services

3 days ago AndyC
HHS Extends Protections for Reproductive Privacy Under HIPAA

HHS Extends Protections for Reproductive Privacy Under HIPAA

4 days ago AndyC
Maryland Legislature Passes State Privacy Bill with Robust Requirements and Broad Threshold for Application

Maryland Legislature Passes State Privacy Bill with Robust Requirements and Broad Threshold for Application

5 days ago AndyC
CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations

CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations

1 week ago AndyC
CIPL Publishes White Paper on Leveraging Data Responsibly and a Holistic Data Strategy

CIPL Publishes White Paper on Leveraging Data Responsibly and a Holistic Data Strategy

1 week ago AndyC
New Bipartisan Federal Privacy Proposal Unveiled: American Privacy Rights Act

New Bipartisan Federal Privacy Proposal Unveiled: American Privacy Rights Act

2 weeks ago AndyC

You may have missed

Pay up, or else? – Week in security with Tony Anscombe

10 hours ago AndyC
Blackbasta gang Synlab Italia attack

Blackbasta gang Synlab Italia attack

14 hours ago AndyC
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities

20 hours ago AndyC
Your Google Account allows you to create passkeys on your phone, computer and security keys

Your Google Account allows you to create passkeys on your phone, computer and security keys

20 hours ago AndyC
Your Google Account allows you to create passkeys on your phone, computer and security keys

Detecting browser data theft using Windows Event Logs

20 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.