Well, yesterday brought a first in the field of healthcare, specifically related to cybersecurity and risk analysis. The HHS took its initial enforcement action under the OCR’s Risk Analysis Initiative, and immediately afterward, dropped a brand new security risk assessment tool on us! So, without any further ado, let’s have a chat about this new development, shall we?
The third version of the newly announced Security Risk Assessment (SRA) Tool has just been rolled out through the collaborative efforts of the Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP). The main objective? To aid small to medium-sized health care organizations in the challenging task of identifying potential vulnerabilities and risks to electronic protected health information (ePHI) during a risk analysis, a practice made mandatory by the HIPAA Security Rule, you know!
Now, I don’t need to tell you how the threats of hacking and ransomware attacks are on the up and up, especially within the healthcare sector, do I? It’s becoming increasingly important for entities covered by HIPAA and their respective business associates to bolster their cybersecurity posture. And all this to ensure one thing: the continued confidentiality, availability and integrity of ePHI.
Curious as to what the SRA Tool actually does? Well, it’s a downloadable desktop application that guides users through a series of multiple-choice questions. And these aren’t just any run-of-the-mill questions, oh no! These are specifically designed to assist with identifying potential risks and vulnerabilities related to ePHI. And what’s more, it also tosses in some best practice references, all to fortify an organization’s cybersecurity posture. Clever, isn’t it?
This new and improved SRA Tool, version 3.5, carries some seriously upgraded features and improvements, reflecting both current cybersecurity guidance and user feedback from previous versions. So, what’s new on the menu? There’s a refined guidance system within the SRA Tool, references for NIST Cybersecurity Framework (CSF) 2.0, which has taken the place of the prior CSF 1.1, and references corresponding to the Healthcare and Public Health (HPH) Cybersecurity Performance Goal (CPG).
There’s more. New content that focuses on mitigating organizational threats and vulnerabilities has been introduced. Insight on cybersecurity supply chain risks is also a new feature. And on top of everything, they’ve even managed to iron out some bugs and improve content.
So, to wrap things up, this new development is certainly turning heads, and its user-friendly interface is bound to make risk assessment considerably more straightforward for healthcare organizations. Above all else, it’s a stride in the right direction when it comes to the protection of vital health information in the digital age.
by Parker Bytes