The Office of the National Coordinator (ONC) for Health and IT and the Office for Civil Rights (OCR) has updated the Health Insurance Portability and Accountability Act (HIPAA) security risk assessment tool used by covered entities and business associates.

Doctors, dentists, chiropractors and other covered entities are required under federal law to take certain measures to protect their patients' personal information from unauthorized use or disclosure. The collective law governing these requirements is HIPAA, which is broken down into the Security Rule and Privacy Rule.

Unfortunately, many covered entities overlook the importance of complying with the HIPAA Security Rule. Unlike its Privacy Rule counterpart, the Security Rule only affects Electronic Protected Health Information (EPHI). Being that most, if not all, covered entities now store patient information on computer hard drives, cloud storage services and other digital mediums, however, the Security Rule can no longer be ignored. Failure to comply with the Security Rule and its respective specifications could result in hefty fines or other penalties if your practice is audited by the OCR.

So, what changes did the ONC and OCR make to the HIPAA security risk assessment tool? The tool still retains its fundamental purpose, which is to verify and ensure compliance with the HIPAA Security Rule. However, it's been updated with several new features, some of which include compatibility with newer versions of the Windows operating system; a 'save as' feature to allow users to save their risk assessment to other locations; reporting enhancements and more.

Of course, compatibility issues were one of the problems that plagued the earlier version of the HIPAA Security risk assessment tool. As covered entities upgraded their computers' operating systems, many noticed that the tool was no longer functional. Thankfully, the ONC and OCR have addressed this issue by updating the HIPAA security risk assessment tool, making it compatible with Windows 8.0, 8.1, and 10.

The SRA Tool is a self-contained, operating system (OS) independent application that can be run on various environments including Windows OS’s for desktop and laptop computers and Apple’s iOS for iPad only. The iOS SRA Tool application for iPad, available at no cost, can be downloaded from Apple’s App Store,” wrote the ONC on its website.

You can learn more about the HIPAA security risk assessment tool by visiting the official ONC website at

Subscribe to our mailing list

* indicates required