New Security Risk Assessment (SRA) toolOkay, in case you didn't notice today is April 1st... This tool from HHS/ONC is potentially useless to someone unwilling to read the HIPAA Security rule, and unwilling to contract with even a low-end Security consultant. The big news is that this tool is just a 'wizard' that walks you thorough reading the HIPAA Security rule. Once you will be done using this tool, YOU HAVE read the HIPAA Security rule. You are likely no smarter, and you end up with a spreadsheet that just recorded your clicks through the wizard.
In collaboration with the HHS Office for Civil Rights, we released this morning a new tool designed to help practices conduct and document a comprehensive assessment to identify risks in their organizations from the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The SRA tool also produces a report that can be useful during audits. You can read the news release announcing the new tool here.
I must provide a little bit of reality. I really do (not April 1st) think that HHS/ONC have tried. The HIPAA Security rule is not easy for some to grasp. Unfortunately, I really don't think that a pretty wizard is going to make it any more readable. So I must give them some positive credit for trying. I just think you would be better off just reading the regulation itself, and hiring even a low-end security consultant.