The Office of the National Coordinator for Health IT's new security risk assessment tool to help providers conduct risk analyses of their electronic patient information has both benefits and shortfalls, according to attorney Richelle Beckman of Overland Park, Kansas-based Forbes Law Group. Writing for the Health Law eSource, Beckman notes that conducting a security risk analysis is a required component of both HIPAA's security rule and the Meaningful Use program.
However, she says, people often misunderstand the requirement, such as believing that only electronic health record users must conduct a risk analysis, which is incorrect. She also notes that there are side benefits to using the tool, which is aimed primarily at smaller providers. For instance, she says, it's a good way to inventory one's business associates and subcontractors. However, she adds, the tool is not perfect, as only one person in an organization can use it at a time. The Healthcare Information and Management Systems Society panned the tool in a recent letter to National Coordinator for Health IT Karen DeSalvo. Article