
  • New Tool Demystifies Security Risk Assessments

    Physical therapists (PTs) and other health professionals looking for help on how to conduct HIPAA security risk assessments have a new free tool to make the process more understandable.

    The US Office of the National Coordinator for Health Information Technology (ONC) is now offering a downloadable Security Risk Assessment (SRA) Tool that it says "lets you take a self-directed tour of HIPAA standards and helps you conduct a risk assessment at your own pace." The tool was developed in collaboration with the US Department of Health and Human Services' Office for Civil Rights and the Office for the General Counsel.

    Under HIPAA, PTs who are considered covered entities or business associates are required to conduct risk and vulnerability assessments of electronic personal health information (PHI) to evaluate the potential for the confidentiality, integrity, and availability of that information to be compromised.

    The tool is designed to lead users through each HIPAA requirement with a series of yes-or-no questions. In addition to providing space for documentation, the tool offers other features including "context sections" that explain threats and vulnerabilities, examples of safeguards, a glossary, and report charts that display the user's risk levels. The report can also be exported as a Microsoft Excel file or PDF document. The tool is available for both Microsoft and iOS (iPad only).

    Recent costly settlements for violations of HIPAA PHI requirements have made headlines, and underscore the importance of understanding the rules and assessing security risks. APTA offers multiple resources on health information technology, HIPAA requirements, and electronic health records.


    • Thanks for posting this. I just want to add that, as you said above, most, but not all, physical therapists or practices are "covered entities." The easiest way to know if you are a "covered entity" is at this difficult-to-locate CMS page, which has a downloadable .pdf flow chart: https://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/AreYouaCoveredEntity.html

      Posted by Aaron LeBauer on 4/7/2014 12:25 PM
