This new HealthIT.gov assessment tool can help you evaluate your risk. The Office of the National Coordinator for Health Information Technology (ONC) released a new security risk assessment (SRA) tool that is easy to access and use. Background: “The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program,” ONC says on its website. The tool is designed to be both easy to use and intuitive. According to the ONC, some of the features of the SRA tool include: The tool is intended to be used as a sort of internal audit — your practice can assess its individual risk without having the results plastered everywhere. “All information entered into the SRA Tool is stored locally to the users’ computer or tablet. HHS does not receive, collect, view, store or transmit any information entered in the SRA Tool. The results of the assessment are displayed in a report which can be used to determine risks in policies, processes and systems and methods to mitigate weaknesses are provided as the user is performing the assessment,” ONC says. Caveat: This tool is designed to be most effective and efficient for smaller organizations. “The target audience of this tool is medium and small providers; thus, use of this tool may not be appropriate for larger organizations,” ONC says. If you used the previous version of this SRA tool — Version 2.0 — you can make small adjustments. “Note that you can’t directly transfer data from 2.0 to 3.0, but can upload certain portions (e.g., lists of assets and BAs),” ONC says. The ONC recommends downloading the former SRA Tool 2.0 and its user guide for more information. For more information on how to download and use the new SRA Tool 3.0, see https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.