New HIPAA Security Risk Assessment Tool incorporates NIST framework

October 30, 2019 Release from OCR

In support of National Cyber Security Awareness Month (NCSAM), the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.1 of the popular HHS Security Risk Assessment (SRA) Tool. This tool is designed to aid small and medium sized health care organizations in their efforts to assess security risks and help reduce the chance of being impacted by malware, ransomware, and other cyberattacks.

The current version of the SRA Tool includes functionality updates based on public input.  New features include:  

  • Threat and vulnerability validation;
  • Improved asset and vendor management (multi-select and delete functions added);
  • Incorporation of NIST Cybersecurity Framework references;
  • Capability to export the Detailed Report to Excel;
  • Addition of question flagging and a Flagged Report; and
  • Bug fixes and improved stability.

Download the SRA Tool and be sure to review the User Guide for tips on using this interactive tool. Questions? Email the Help Desk or view the materials and audio recording of the August 2019 SRA Tool webinar. ONC and OCR will continue to make improvements to the SRA Tool, so please reach out via the Health IT Feedback Form with suggestions.

Previous articlePenetration Testers Arrested in Iowa Causing Controversy
Next articleBlockchain Technology and Recordkeeping report available via AIEF

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.