Hint: Calculate your practice risk and manage it. Under the provisions of the HIPAA Security Rule, covered entities (CEs) are required to safeguard patients’ protected health information (PHI). The best way to do that is to assess, analyze, and manage your practice’s compliance and cybersecurity risks. The HHS Office of the National Coordinator for Health Information Technology (ONC) released a new security risk assessment (SRA) tool that is easy to access and use, which can help you better formulate a HIPAA compliance plan that works. Background: “The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program,” notes ONC on its website. The tool is designed to be both easy to use and intuitive. According to the ONC, some of the features of the SRA tool include: The tool is intended to be used as a sort of internal audit — your practice can assess its individual risk without having the results plastered everywhere. “All information entered into the SRA Tool is stored locally to the users’ computer or tablet. HHS does not receive, collect, view, store or transmit any information entered in the SRA Tool. The results of the assessment are displayed in a report which can be used to determine risks in policies, processes and systems and methods to mitigate weaknesses are provided as the user is performing the assessment,” ONC says. Caveat: This tool is designed to be most effective and efficient for smaller organizations. “The target audience for this tool is medium and small providers; thus, use of this tool may not be appropriate for larger organizations,” ONC says. If you used the previous version of this SRA tool — Version 2.0 — you can make small adjustments. “Note that you can’t directly transfer data from 2.0 to 3.0, but can upload certain portions (e.g., lists of assets and BAs),” ONC says. The ONC recommends downloading the former SRA Tool 2.0 and its user guide for more information. For details on how to download and use the new SRA Tool 3.0, see www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.