Presentation is loading. Please wait.

Presentation is loading. Please wait.

Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN 678.640.4752.

Published byEmerald Cameron Modified over 9 years ago

Similar presentations

Presentation on theme: "Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN 678.640.4752."— Presentation transcript:

1 Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN 678.640.4752

2 Overview  Why is the Security Risk Assessment (SRA) needed?  Introduction of the CMS/OCR SRA Tool  How do you use the Tool?  Review of Pros and Cons of Utilizing Tool  Q&A

3 Why is the SRA Needed?  Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities conduct a risk assessment of their healthcare organization  Conducting a security risk assessment is a core requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program, commonly known as the Meaningful Use Program

4 Why is the SRA Needed?  A risk assessment helps your organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards  A risk assessment also helps reveal areas where your organization’s protected health information (PHI) could be at risk

5 Introduction to Tool  Result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR).  Designed to help practices conduct and document a risk assessment in a  Thorough, organized fashion at their own pace  Facilitating assessment of information security risks in your organization under the HIPAA Security Rule.  The application, available for downloading at www.HealthIT.gov/security-risk-assessment  Also produces a report that can be provided to auditors.

6 Disclaimer The Security Risk Assessment Tool at HealthIT.gov is provided for informational purposes only. Use of this tool is neither required by nor guarantees compliance with federal, state or local laws. Please note that the information presented may not be applicable or appropriate for all health care providers and organizations. The Security Risk Assessment Tool is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks. For more information about the HIPAA Privacy and Security Rules, please visit the HHS Office of Civil Rights the HHS Office for Civil Rights Health Information Privacy website.

7 Introduction to Tool  Downloading the SRA Tool (Windows version) To download the SRA Tool, navigate to ONC’s website at: http://www.healthit.gov/securityrisk-assessment

8 Introduction to Tool  Next, select the blue button located within the Security Risk Assessment Tool” box.

9 Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing  Once you select the button, you will be directed to the Security Risk Assessment Tool page  Navigate to the right side of the page to begin downloading the Windows version of the tool

10 Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing  While your downloading experience may vary depending upon the internet browser you are using, all browsers should allow you to save the file on your desktop computer or laptop  Once prompted, select the arrow symbol next to the “Save” option

11 Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing  From the menu options, select “Save As” then select the folder location where you would like to store your application  Finally, select the “Save” button  Once you have downloaded the application  Double-click the icon and select “run” when prompted  The SRA Tool will open Introduction to Tool

12 Demonstration – Using the Tool Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing

13 Pros & Cons Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing What the SRA Tool Is:  A Security Risk Assessment Tool  Use of the Tool can support an organization’s risk assessment process  Supports identification of conditions where Electronic Protected Health Information (ePHI) could be disclosed without proper authorization, improperly modified, or made unavailable when needed  Responses to the questions in the SRA Tool can be used to help organizations identify areas where security controls designed to protect ePHI may need to be implemented or where existing implementations may need to be improved

14 Pros & Cons Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing What the SRA Tool Is:  Single User  Downloadable to desktop  Recommended for small to medium size offices  Easy to use

15 Pros & Cons Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing What the SRA Tool Is Not:  A Multi-User Tool - Not a collaborative multi-user tool to be used simultaneously by any users -Single user at any one time with appropriate permissions to install and run the application on the desktop will use the tool to individually capture information -However, multiple users may access the tool on separate occasions.

16 Pros & Cons Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing What the SRA Tool Is Not:  A Compliance Tool  The SRA Tool does not produce a statement of compliance  Use the SRA Tool in coordination with other tools and processes to support HIPAA Security Rule – Risk Analysis compliance and risk management activities  Statements of compliance are the responsibility of the covered entity and the HIPAA Security Rule regulatory and enforcement authority  Please note that the SRA Tool does not cover additional Security Rule requirements  Does not provide mitigation or mitigation plan w/dates, or Policies & Procedures

17 Pros & Cons Upon completion of this webinar, participants will be able to: Realize need for Risk assessment Recognize availability of this resource Demonstrate ability to access, download, start assessment Determine pros and cons of utilizing What the SRA Tool Is Not:  A HIPAA Privacy Rule Tool  The SRA Tool provides guidance in understanding the requirements of the HIPAA Security Rule – Risk Analysis specifically  Does not include provisions for the HIPAA Privacy Rule  Downloadable on Windows 8

18 Resources GA-HITEC 877-658-1990 www.ga-hitec.org CMS Incentive Programs www.cms.gov/ehrincentiveprograms www.HealthIT.gov/security-risk-assessment http://www.healthit.gov/providers-professionals/security-risk-assessment GA Medicaid Incentive Program www.dch.georgia.gov/ehr

19 Q & A Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN 678.640.4752

Download ppt "Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN 678.640.4752."

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
SCHIE Mission To improve the quality and efficiency of health care for all stakeholders in the Santa Cruz community. To deliver technology assistance,

SCHIE Mission To improve the quality and efficiency of health care for all stakeholders in the Santa Cruz community. To deliver technology assistance,
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA

Similar presentations

Ads by Google