November 01, 2018

The ONC/OCR HIPAA Security Risk Assessment Tool: Review of Version 3.0’s New Features

Richelle Marting, Forbes Law Group LLC, Overland Park, KS

The Health Insurance Portability and Accountability Act’s Security Rule was promulgated in 20031 and sets forth standards, implementation specifications, and requirements for the security of electronic protected health information (ePHI) by covered entities and business associates.2 Performing a security risk assessment (SRA) has been one of the most challenging requirements for entities subject to HIPAA to understand and effectively implement. Small organizations particularly struggle, even as the requirement became a factor in providers’ payment under programs like Meaningful Use and  the Merit-based Incentive Payment System (MIPS), which pay incentives or impose reimbursement penalties against providers in part based on whether certified electronic medical records are used.3

Premium Content For:
  • Health Law Section
Join - Now