HIPAA

 View Only
  • 1.  HHS SRA Tool v3.3 - Acceptable to meet

    Posted 07-25-2022 06:50 PM
    Hi Team,

    If I recall correctly, HHS was on record (prior to the release of v3.3) saying SRAs conducted with the HHS SRA tool would not meet the risk analysis requirement at CFR 164.308(a)(1)(ii)(A). Is this still the case? If so, do you see any benefit for a small organization to use this tool in addition to whatever HHS-acceptable risk analysis solution is in place? Appreciate any insight you're able to share.

    https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool

    Thank you,

    klp

    ------------------------------
    Karen Palmer, CHC
    Compliance Officer
    Physicians DataTrust
    kpalmer@pdtrust.com
    Long Beach, CA
    ------------------------------
    Default Blank


  • 2.  RE: HHS SRA Tool v3.3 - Acceptable to meet

    Posted 07-26-2022 06:58 AM
    ..now on a related note...as I've seen this done successfully.

    Can the tool be used and supplemented in a way that if the final work product is submitted to the OCR that the OCR may find that the submitting Covered Entity (or business associate) has met the risk analysis requirement...the answer is...YES!

    Just wanted to post this separately so that people did not comingle this response to the question that you posed.

    Thanks again!

    ------------------------------
    -------------Frank "Snake Bite Leader" Ruelas--------------
    ► We don't fail unless we quit! ◄
    ------------------------------

    Default Blank