New version of HIPAA security risk assessment tool released

Blog Post

On Oct. 30, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC)  announced the release of a new downloadable version (3.1) of the HHS Security Risk Assessment (SRA) Tool to help HIPAA covered entities and business associates assess risks to the confidentiality, integrity and availability of electronic protected health information (ePHI).   

Enterprise-wide risk assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI (also known as risk analysis) is essential for HIPAA covered entities and business associates. In fact, it was recently identified as one of the most prevalent HIPAA violations and should be conducted and updated regularly.    

A wide range of health care organizations are likely to find the SRA Tool useful in navigating the challenges of conducting and regularly updating its risk assessment. OCR and ONC identify small and medium sized health care organizations as the target audience and tout functionality updates and new features in this version. 

For more information, please contact the attorney listed below. 


Related Services

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.