ONC releases a new security risk assessment tool
The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) released version 3.1 of the HHS Security Risk Assessment (SRA) Tool, designed to help healthcare providers conduct security risk assessments.
The SRA tool was first released in October 2018 to help small and midsize practices identify and assess potential threats to their electronic protected health information (PHI) and implement appropriate safeguards to mitigate identified risks.
The new version of the SRA Tool is available for Windows devices.
According to the ONC and as noted in the SRA Tool User Guide, the tool has been updated to include the following features:
- Addition of question flagging
- Detailed reports that can be exported to Excel
- Enhanced user interface including bug fixes and improved stability
- Improved asset and vendor management (multi-select and delete functions added)
- Incorporation of National Institute of Standards and Technology Cybersecurity Framework references
- Progress tracker
- Threat and vulnerability validation
For more information on the assessment process, providers can read official guidance on risk analysis from the OCR.