Is Your EHR System Secure? Security Risk Assessments Can Reveal Dangerous Gaps

Apr 26, 2021 12:00:00 AM

Are you conducting an annual Security Risk Assessment? The HIPAA Security Rule requires healthcare providers to conduct risk assessments of their organization to ensure compliance with the rule's three primary components: administrative, physical, and technical safeguards.

Free Tool Helps Providers Conduct Required Security Risk Assessments

The HIPAA Security Rule’s risk assessment process requires an accurate and thorough analysis of the potential risks and vulnerabilities to all of the ePHI your organization creates, receives, maintains, or transmits by evaluating your technical safeguards.

A risk assessment also helps reveal areas where your organization’s protected health information (PHI) could be at risk, regardless of whether you have administrative and physical safeguards.

Conducting a Security Risk Assessment can seem daunting, and some providers may not know where to start the process. So, they turn to outside vendors, but outside vendors can be costly for a practice. To help address these concerns, the Office of the National Coordinator for Health Information Technology (ONC) worked with the HHS Office for Civil Rights (OCR) to develop a free downloadable Security Risk Assessment (SRA) Tool.

The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program. Several states now require this tool to be used; check with your state guidance.

This tool is free for you to download and use.

Information entered into the SRA Tool can be stored only on the computer to which the tool was downloaded (your computer), and the tool does not send any information, including your results, back to HHS or any other federal agency.

The results of the assessment are displayed in a report that can be used to determine risks in policies, processes, and systems in the practice. Methods to mitigate weaknesses are provided as the user performs the assessment. The tool is aimed at medium and small provider practices and might not be appropriate for larger provider practices.

InSync's HIPAA-Compliant Electronic Medical Records Software

Layers Of Security And Peace Of Mind 

As you complete the SRA’s 7 sections, remember that InSync Healthcare Solutions is an ONC-HIT-certified EHR system. We keep your data secure and abide by the HIPAA Security Rule. As a best practice, your SRA should be reviewed and updated yearly or whenever you make changes to your practice or electronic health systems.

Learn more here about the Security Risk Assessment Tool.

And for a closer look at how to increase your organization's efficiencies within the secure framework of our HIPAA-compliant InSync EHR software system, please schedule a demo now with one of our experts. We're happy to explain how it works and answer any questions you might have. 

Written by Beth Socoski

With more than 20 years of experience in healthcare, compliance, and security, Beth brings integrity, respect, and a world of valuable and applicable knowledge to the InSync team. In addition to three master’s degrees, she has multiple accreditations in healthcare, compliance, ethics, and leadership. As a scholar at heart, she is steadfast in her desire to remain current on compliance requirements – and to share that information in language that is easily understood by all.