This is a quick compliance reminder that it’s time for your annual Security Risk Assessment (“SRA”), especially if you did not manage to complete one in 2025.  https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool

 

Unfortunately, HIPAA doesn’t take a break for the holidays, and practices are expected to regularly (not less than annually) conduct an SRA.  A Security Risk Assessment reviews how your practice handles protected health information across administrative, technical, and physical safeguards and helps identify areas of potential risk.

 

The SRA Tool was developed in collaboration with the HHS Office for Civil Rights to help small and medium-sized healthcare providers comply with HIPAA requirements. It can be accessed at https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool and was recently updated to include:

         •    An assessment confirmation button and “reviewed-by” feature, so you can track who approved each step and when

         •    An updated risk scale that mirrors NIST scoring

         •    Improved reports with section-specific details and updated disclaimers

         •    Updated library files

         •    Improvements in questions, responses, and education 

 

For the SRA you are guided through multiple-choice questions, threat and vulnerability assessments, and asset and vendor management.  You will have to engage with your website designer / IT support for assistance with certain components of the Security Risk Assessment. 

 

Keep in mind that although the SRA tool is an important resource, it is only one component of a broader HIPAA compliance strategy. Ongoing review of policies and procedures, active risk management, and thoughtful breach notification planning are all critical to maintaining compliance and reducing exposure.

 

Now is also the time to ensure you have Data Breach / Cyber / HIPAA insurance protection.  Please speak with your insurance broker to confirm the policies you have in place.

 

 

 

If you need assistance, please reach out - we’re happy to help!  You can contact Diana at DHenriquez@kirshenbaumesq.com (516)747-6700 ext. 328 to set a free consult time with Jennifer or a team member.