ONC's Joy Pritts: Security risk assessment tool coming soon

The Office of the National Coordinator for Health IT will soon be releasing a security risk assessment tool, representatives from the agency announced Tuesday at the Healthcare Information and Management Systems Society's (HIMSS) annual conference in Orlando, Fla..

The tool, which is ONC's first app, will help providers with a key part of the security risk assessment process many often inadvertently slack on--documentation. The tool will be released in a few weeks, Joy Pritts, chief privacy officer at the ONC, said during a session.

"We're committed to making [ONC's tools] useful... If we can't get this message out to the people who need it, we're not doing our job," Pritts said.

Lack of documentation is a big problem, Pritts said, and the intent of this tool is to help providers produce the documentation necessary to show an organization has thought about security risk and help guide the thought process.

Over and over again, ONC hears about small providers not knowing what risk assessment entails, which the app should help with, Pritts said.

"It really is a useful way of having that documentation you can use to demonstrate your good faith and attempt to comply with the security rule," Pritts said.

The Office for Civil Rights, the agency that enforces privacy provisions of HIPAA, has not fully enforced the law's requirements, according to a report from the U.S. Department of Health & Human Services Office of Inspector General, FierceHealthIT previously reported.

Leon Rodriguez, OCR director, speaking at the HIMSS Privacy and Security Forum in Boston last fall, said the the permanent HIPAA auditing program slated to begin next year will be narrower in scope than the 2012 auditing pilot program.

In the pilot program, a lack of thorough risk analysis was found to be a major weakness--and this app aims to address that.

After the new HIPAA omnibus rule was published last January, several FierceHealthIT Editorial Advisory Board members noted that its execution will present a multitude of challenges.

Related Articles:
OCR not fully enforcing HIPAA
Leon Rodriguez: Permanent HIPAA auditing program will be narrower
Despite HIPAA compliance deadline, OCR to delay some requirements
Don't let HIPAA ruin your life
HHS to provide more HIPAA guidance to covered entities