The Health Insurance Portability and Accountability Act (HIPAA) states that health informatics experts and their organizations which take care of and keep protected health information are required to have their policies and regulations relating administrative, physical and technical aspects reviewed and updated to ensure the security of the health data and information that they hold.
In accordance with the HIPAA security rule, the Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) together with the Office for Civil Rights (OCR) has released a new security risk assessment (SRA) tool, which is expected to assist healthcare providers and health informatics experts of small to medium-sized businesses in conducting health risk assessments in their organization.
Dr. Karen DeSalvo, national coordinator for health IT, pointed out that the protection and security of the health information of patients is undoubtedly valuable to health care practitioners, emphasizing that the tool their health informatics research team has released would be of great assistance in evaluating the security systems and policies of organizations.
Risk assessments help healthcare providers to identify the current weak spots in their systems, policies and security systems. Also, through these evaluations, the organizations are able to address vulnerabilities and draft potential strategies to overcome existing and probable difficulties regarding security breaches and any untoward events.
Susan McAndrew, deputy director of OCR’s Division of Health Information Privacy, expressed her positive note regarding this project. She said that she is happy that her department has joined efforts with the ONC in developing the SRA tool. The team is confident that the application which is a product of health informatics study would be able to deliver and provide great assistance in conducting risk assessment in organizations.
The SRA tool is designed to perform and document comprehensive and organized risk assessments for health care providers, giving way for the latter to be able to pinpoint security breach risks in their security systems. The application is available for download and can be reproduced to provide copies to auditors.