It just seems nonsensical that they would put out an SRA tool that they won't accept as a valid SRA. I guess they are providing "guidance" and trying NOT to commit to/create a "standard".
Scot Lovejoy RPh. CHC CHPC
Chief Pharmacy Officer
9 Campus Drive, Suite 200
Parsippany, N.J. 07054
(O) 973-540-8400 x227
Speaking of a valid SRA - aside from hiring an outside organization to provide one - what is everyone else using to perform their SRA?
Does anyone use frameworks such as NIST, ISO, etc.?
HIPAA COW has a Risk Toolkit available on their site for free that is based on the NIST 800-30 framework.
I haven't used it, as we contract with an independent third party to do our SRAs, but HIPAA COW has some very good resources.
Thank you, Frank and Scot!
I will check out the resource on HIPAA COW. I've frequented the site and the resources are especially helpful.
Frank, I haven't worked with either NIST or ISO, so I am thankful for your comparison between the two; that is beneficial.
On another note – HITRUST submission is happening NEXT WEEK!! All documents are going to be finished being uploaded today by our assessor. Final scores are being entered right now. Two days ago we did realize that we needed to answer some additional factor questions that HITRUST added in, which added 16 controls. Thankfully it didn't ding us TOO bad. We ended up with an additional three GAPs out of those. Overall – we ended up with ten GAPs out of 449 controls. So, I'm pleased.
Now... we wait for HITRUST to review and send us back their thoughts. 😊