HHS Releases Tool to Help Practices Assess HIPAA Security Risks

​The U.S. Department of Health and Human Services (HHS) has released a new security risk assessment tool to help guide healthcare providers in small- to medium-size offices conduct risk assessments of their organizations. Developed as part of a collaborative effort by HHS's Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights, the tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) security rule. The tool also produces a report that can be provided to auditors. According to a March 28, 2014, HHS news release covering the tool's availability, HIPAA requires organizations that handle protected health information to regularly review the administrative, physical, and technical safeguards they have in place to protect the security of the information.