Spears Legal Technology

Disclaimer

This blog is a resource guide for informational purposes only, and not the delivery of legal, technical or other professional advice. Using the information provided on this blog does not constitute an attorney-client relationship. If you need legal advice, please consult your lawyer.

OCR Releases HIPAA Security Assessment Tool

Last week the Department of Health and Human Services released a tool to assist covered entities in complying with the HIPAA Security Rule requirement to conduct a risk assessment. The tool is aimed at small to medium health care providers, and was developed jointly by OCR and the HHS Office of the National Coordinator for Health Information Technology (“ONC”).

The Security Rule applies to HIPAA “covered entities”—which include health plans, health care clearinghouses, and most health care providers—that handle electronic protected health information (ePHI). The Security Rule also applies to “business associates” that perform functions or services on behalf of covered entities involving ePHI. The Rule requires covered entities and business associates to conduct a risk assessment to identify possible gaps in their information security programs in order to help ensure that patient information is protected against data breaches or other security events.

The tool follows the National Institute of Standards and Technology’s development of a similar toolkit, and contains 156 questions and resources that are designed to help health care providers.

More information and downloads are available here.
