[ISN] HIPAA security risk assessment tool: Small provider needs

http://healthitsecurity.com/2014/04/14/hipaa-security-risk-assessment-tool-small-provider-needs/ By Patrick Ouellette Health IT Security April 14, 2014 Though the Department of Health and Human Services (HHS) released its HIPAA security risk assessment tool a few weeks ago, it’s still unclear how healthcare organizations will use the tool as part of their HIPAA Security Rule compliance strategy. Most organizations realize the tool isn’t necessarily a panacea for federal compliance needs. However, according to Alisa Chestler, a shareholder in the Washington, D.C. office of Baker Donelson, the beauty of the tool for small to mid-size providers is that it’s flexible and serves as a good starting point for those who may be lacking in risk analyses. Chestler, who concentrates her practice in healthcare regulatory compliance; privacy, security and records management issues, discussed the tool’s benefits and uses with HealthITSecurity.com. What are your general impressions of the HIPAA security risk assessment tool? First and foremost, with this tool the government is reinforcing how seriously they’re taking this type of analysis is required of the small providers, what they should know and the expectation that the risk analysis be completed. Secondly, as they begin to see what the tool is all about, they will quickly realize how much of a deep dive it is. So even if it’s not as robust as, say, the audit protocol, it shouldn’t be scoffed at because it will make providers think of things that they never would have thought of before. […]