HHS Updates Its Security Risk Assessment Tool
The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) and the Assistant Secretary for Technology Policy (“ASTP”) have released an updated version of the Security Risk Assessment (“SRA”) Tool which allows covered entities and their business associates to conduct a risk assessment of their healthcare organization in compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule. The updated SRA Tool has new features including a confirmation button with a “reviewed-by” date that includes the approver’s username and date for audit records and an updated risk scale to match NIST scoring.
OIG and ASTP Announce Crackdown on Information Blocking
The Office of Inspector General (“OIG”) and the Office of the Assistant Secretary for Technology Policy (“ASTP”) issued a Joint Enforcement Alert to notify individuals of the increased enforcement of the rules against information blocking. Information blocking occurs when an individual or entity interferes with, prevents, or materially discourages the access, exchange, or use of electronic health information. In this joint alert, the OIG and ASTP indicate they will be allocating additional resources to combat information blocking and taking definitive action on violations of information blocking rules.
- * * *