Skip to content

HHS Blog on Using HIPAA Security Risk Assessment Tool

On October 30, the US Department of Health and Human Services (HHS) Office for Civil Rights and the Office of the National Coordinator for Health Information Technology posted a blog about how to effectively use its free online security risk assessment tool for security of electronic protected health information (ePHI). The tool can help with identifying potential threats and vulnerabilities of ePHI; review all electronic devices involved with ePHI; assess your overall security risks routinely, and assist with Health Insurance Portability and Accountability Act (HIPAA) Security Rule requirements.

Under HIPAA’s Security Rule, dental employers who transmit electronic health records must to adopt adequate means for safeguarding the confidentiality, integrity, and availability of patients’ protected health information. Examples of security measures in a dental office include: restricting access to computer workstations, controlling facility access, locking up patient records, installing firewalls, passwords, data encryption, data back-up plans, and training. 

All covered entities should perform a security risk assessment to assess vulnerabilities and the mechanisms currently in place to mitigate them. Additional controls should be implemented as needed.

For our OSHA Review subscribers… refer to the November/December 2018 issue in Section X of your binder for more information on HIPAA requirements.

Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.

Back To Top