News Feature | April 4, 2014

HHS Releases HIPAA Compliance Assessment Tool

Katie Wike

By Katie Wike, contributing writer

HIPAA Compliance Assessment Tool

New HHS tool helps providers assess security risks to HIPAA compliance

According to, “ONC, in collaboration with the HHS Office for Civil Rights (OCR) and the HHS Office of the General Counsel (OGC), developed a downloadable Security Risk Assessment Tool (SRA Tool) to help guide” providers through the HIPAA-required assessment.

The Security Risk Assessment (SRA) Tool is meant to help providers in small to medium offices conduct risk assessments and, a HIPAA regulations require providers to regularly examine the way protected health information is handled, this new tool is a valuable asset to those looking for a way to meet the requirement.

“By conducting these risk assessments, healthcare providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data,” wrote HHS in a press release.

"Protecting patients' protected health information is important to all healthcare providers and the new tool we are releasing today will help them assess the security of their organizations," said Karen DeSalvo, M.D., national coordinator for health information technology. "The SRA tool and its additional resources have been designed to help healthcare providers conduct a risk assessment to support better security for patient health data."

"We are pleased to have collaborated with the ONC on this project," said Susan McAndrew, deputy director of OCR's Division of Health Information Privacy. "We believe this tool will greatly assist providers in performing a risk assessment to meet their obligations under the HIPAA Security Rule."