On March 28, 2014, the U. S. Department of Health and Human Services released an online security risk assessment tool to help health care providers with HIPAA compliance.
This new security risk assessment tool is designed to help health care providers perform a privacy risk analysis, to identify security risks and to help providers make improvements to their current privacy practices. The application is available for download at: www.heathIT.gov/security-risk-assessment. Also provided on this website is a printable format of the risk assessment tool.
As many providers are aware, HIPAA now requires each provider to perform a “risk analysis” to address the strengths and weaknesses of their health care practice’s current policies regarding the storage and transmission of protected health information. HIPAA also requires health care providers to make reasonable improvements to such policies. The Department of Health and Human Resources has announced that it intends to conduct random audits of health care providers to ensure compliance with these new privacy rules.
The risk assessment tool is just one aid that will allow individual practices to work toward compliance. It should be noted however that the disclaimer on the government website explains that the tool is for “informational purposes” only. The tool does not guarantee compliance with federal law. The disclaimer continues to note that the risk assessment tool is not intended to be an exhaustive or definitive source on safeguarding health information.
To that end, should you need assistance with performing your own risk analysis and/or implementing updated privacy practices, please contact the attorneys in Reminger’s Health Care Law Practice Group.