New version of HHS Security Risk Assessment Tool released


Small and medium healthcare organizations have a new version of the Security Risk Assessment (SRA) tool.

The SRA tool is a collaborative effort between the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR).

It was developed for healthcare providers to assess security risks to their protected health information (PHI). 

What does the SRA tool accomplish?

The updated version of the HHS Security Risk Assessment tool is more user-friendly and can determine the confidentiality, integrity, and availability risks of health information.  

Based on user feedback and public input, the SRA tool has several feature enhancements, including:

  • Improved navigation of assessment sections
  • Modular workflow
  • Custom assessment logic
  • Progress tracker
  • Enhanced user interface scaling
  • Overall improvement of user experience
  • Threats & vulnerabilities rating
  • Detailed reports 
  • Options to export reports
  • Business associate and asset tracking

The SRA tool is available for a wide range of devices, including Windows computers and laptops. Although the tool is available for iPads, it isn’t available for Mac OS.

How safe is the SRA tool?

The SRA tool collects information and stores it locally on the user’s tablet or computer. HHS does not access, collect, view, store, or transmit any of the information the SRA tool obtains.

The user receives the assessment results in a report. It covers risks in policies, processes, and systems. The report also recommends methods to reduce weaknesses in security.

Why should healthcare organizations use it?

The HIPAA Security Rule requires healthcare organizations to conduct security risk assessments. The SRA tool helps healthcare providers ensure compliance with HIPAA regulations concerning administrative, physical, and technical safeguards to protect PHI.

You should note that the SRA tool is for informational purposes only. Even though it may reflect the current best practices of information technology, using it is not required to stay compliant with HIPAA’s Security Rule requirements.

Healthcare providers should always consult with experts about their security system.

How does encryption fit in?

Encryption requirements around PHI are “addressable” in the HIPAA Security Rule, which means that encryption is not necessarily required to manage risks to PHI transmission. But it can be an excellent option to protect your healthcare data.

When it comes to sending HIPAA compliant email, HHS suggests that covered entities use encryption for electronic PHI (ePHI) transmission “whenever deemed appropriate.”

A healthcare organization could opt not to encrypt emails, but it would need to document its decision-making process and implement an alternative solution to safeguard ePHI.

However, there are few real alternatives to email encryption, and you can never be too safe when guarding valuable healthcare information.

Paubox Email Suite offers encryption by default. After implementing the solution, every email you send will be encrypted. This is the maximum protection you can get for safeguarding your emails and PHI. 


About the author

Sara Nguyen
