The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated its Security Risk Assessment Tool to help health care providers identify and assess potential risks to electronic protected health information, as required by the HIPAA Security Rule.
Users are guided through the security risk assessment process using multiple-choice questions, threat and vulnerability assessments, and asset and vendor management. The new version includes a remediation report, glossary and tool tips, references to the Health Industry Cybersecurity Practices 2023 Edition, bug fixes, and usability enhancements.