HIPAA Blog

[ Thursday, September 08, 2022 ]

I received the following yesterday in an email from the OCR HIPAA listserv:

Is your organization using the SRA Tool to help conduct a security risk assessment (SRA)? The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services are hosting a webinar in September about the Security Risk Assessment Tool. In this webinar, we will focus on how to review and update an assessment from a previous session. We will also cover a basic overview of the tool and highlight some new enhancements in version 3.3. There will be an opportunity for participants to ask questions and give feedback during the session.

There are two dates available for this webinar. Registration is limited to 3,000 participants for each presentation. The presentation will be the same for both sessions. A recording will be made available after the final webinar session.

Register for a session:
September 14, 2:00-3:00pm ET
September 15, 11:00-12pm ET

Download the SRA Tool here →

As you probably know, the existence of a good security risk assessment is a major item for review when OCR investigates a covered entity for a potential HIPAA violation. And OCR definitely gives covered entities a lot of credit for using their own version of the security risk analysis. It's pretty clunky and takes a lot of time to get through, but risk analysis is in fact pretty hard to do with a one-size-fits-all tool, so the difficulty of the tool is a little bit understandable.

I'd highly recommend attending the webinar if you can. It's always good to know what the regulators are thinking

Jeff [7:05 AM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template