• linkedin
  • Increase Font
  • Sharebar

    Security Risk Assessments: Critical regardless of practice size

    In small- to-medium sized practices, there are necessarily fewer resources available for implementing the policies and procedures that will insure compliance with the Health Insurance Portability and Accountability Act (HIPAA). The U.S. Department of Health and Human Services (HHS) offers resources for smaller practices, where legal counsel is unlikely to be on staff, and security experts are more likely to be contracted than employed.

    In 2014, the Office of the National Coordinator for Health IT (ONC) in collaboration with HHS’ Office for Civil Rights (OCR) released a downloadable security risk assessment (SRA) tool to help guide practices through the assessment process.

    Jordan Cohen, JD, an attorney with Mintz, Levin, Cohn, Ferris, Glovsky, and Popeo in New York, New York, says the HHS tool is a good first step for smaller practices that want to conduct a risk assessment. He cautions, though, that the SRA is “only one tool, and the risk assessment is only one aspect of HIPAA compliance.”

    The National Institute of Standards and Technology (NIST) also has a tool to help practices comply with the security rule portion of HIPAA, which Cohen recommends because it includes a risk assessment, as well as help with implementing the assessment and other requirements of the rule. There are also paid applications and consultants who can assist with the process. “Whether these tools are needed really depends on the size of the practice and the complexity of its systems,” he says.


    You must be signed in to leave a comment. Registering is fast and free!

    All comments must follow the ModernMedicine Network community rules and terms of use, and will be moderated. ModernMedicine reserves the right to use the comments we receive, in whole or in part,in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

    • No comments available

    Latest Tweets Follow