Skip to content

HHS Updates SRA Tool to Assess HIPAA Security Risks

On June 14, 2022, the US Office of the National Coordinator for Health Information Technology and the US Office for Civil Rights at the U.S. Department of Health and Human Services (HHS) jointly announced an update to the Security Risk Assessment (SRA) Tool. The SRA Tool is designed to help small and medium sized healthcare providers conduct a security risk analysis as required by the HIPAA Security Rule.

Version 3.3 of the SRA Tool contains a variety of feature enhancements based on user feedback and public input, including the incorporation of Health Industry Cybersecurity Practices (HICP) references, file association in Windows, improved reports, and other bug fixes and stability improvements. Additionally, a new SRA Tool Excel Workbook, an alternative version of the SRA Tool, enables users to take the same content from the Windows desktop application and present it in a familiar spreadsheet format.

Dental Offices Must Conduct HIPAA Security Risk Analysis

To comply with the HIPAA Security Rule, all covered entities, including dental offices, are required to perform a security risk analysis to assess vulnerabilities and the mechanisms currently in place to mitigate them. Additional controls should be implemented as needed to ensure protected health information (PHI) is secure. The HHS defines a risk analysis or assessment as “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI.” 

While HHS does not specify how frequently to perform a security risk analysis or how the analysis should be conducted, dental providers may perform the analysis annually or as needed depending on circumstances of their environment. Additionally, the use of the SRA Tool can assist with the security risk analysis, as well as with overall HIPAA compliance.

For our OSHA Review Subscribers…  The July/August 2022 issue of OSHA Review covers HIPAA requirements and includes information about conducting a security risk analysis. 

Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.

Back To Top