CHPC Study Group

 View Only
  • 1.  Well done!

    Posted 08-13-2022 08:16 AM
    Dr. Sanchez...well done.  Good to see you posting again and feel free to cut and paste at will!

    As mentioned in a post by Dr. Sanchez about the SRA tool, someone asked that if you use the SRA Tool could it create some issues given that a practice location might respond to some of the questions in a less than positive manner.

    For example consider the following:
    In Section 1 - SRA Basics the first question is "Has your practice completed a security risk assessment (SRA) before?".  If a practice were to answer "No", they are essentially admitting that they have not completed a required implementation specification under the Security Rule.  As such, one might think that if this was known by the OCR, it could put the practice on "the radar" or initiate an inquiry given the non compliance of the practice to what the OCR has repeated emphasized as an important task that CEs and BAs must complete.

    However as identified on the SRA Tool page, the tool does not transmit any information.

    I added a snip below from slide #8 of the slide deck used in the video about the tool which identifies that no files are transmitted as stated in the slide.  If someone wants additional confirmation, this is also stated in the video file that appears on the SRA Tool page and occurs between the 7:10 - 7:21 times in the video.

    I hope this helps address any questions or concerns about the tool transmitting information to the OCR or other third parties.

    -------------Frank "Snake Bite Leader" Ruelas--------------
    ► We don't fail unless we quit! ◄
    Certification Disclaimer