Security Risk Assessment Wizard - are you at risk?

August 4th, 2016 - Chris Woolstenhulme, CPC, CMRS
Categories:   Compliance   HIPAA|PHI  

  • Attention:  Any Any healthcare organization that stores, transmits or maintains PHI (Protected Health Information) in electronic formats is required to adhere to the HIPAA Security Rule... see if your organization is at risk with security compliance.

Visit for a Security Risk Assessment (SRA) Tool complete with training and other guidance to aid practices in the complex SRA process.  The features of this tool allow facilities to perform a detailed Security Risk Assessment in an effort to meet Federal requirements.  Compliance is an ongoing process, and part of this process is evaluating risk and taking necessary measures to ensure the policies and procedures that you have in place are adequate for your organization.  This SRA Tool will help you to accomplish that as well as have more confidence in the steps that your practice has taken in order to meet regulations.

Why Perform a Security Risk Assessment

The Security Risk Assessment is required by the HIPAA Security Rule.  Any healthcare organization that stores, transmits or maintains PHI (Protected Health Information) in electronic formats is required to adhere to the HIPAA Security Rule.  Electronic formats include fax machines, scanners, email, electronic claims submission, EHR, and more.  As such, almost every practice today will find that they are required to implement sufficient policies and procedures to comply with the HIPAA Security Rule, and they must routinely perform the Security Risk Assessment.

Meaningful Use updates released in October, 2015 reinforce the HIPAA Security Rule.  This was done in an effort to send a message to healthcare organizations that they are very strongly urged to comply with security guidelines.  It should also serve as a reminder that enforcement actions are upon us and costly sanctions will be assessed for non-compliance of this regulation.

Performing a Secuirty Risk Assessment is also a requirement for successful Meaningful Use attestation.  Practices that have previously attested to Meaningful Use are being evaluated for verification that they have indeed performed the SRA.  Those practices that have made this positive attestation of having performed a periodic SRA, that are later investigated and found to have misled the government on this topic, are being required to reimburse the government for Meaningful Use monies paid out and are liable for other sanctions as well.

Due to the aforementioned details, Security Risk Assessment compliance is actively being investigated.  Practices should consider HIPAA Security and other compliance guidelines a top priority.

Features of the Security Risk Assessment Tool

  • The SRA tool includes introductory audio/video training to properly educate providers and workforce members of the components necessary for the HIPAA Security Risk Assessment.
  •  Detailed module-based training for each of the Administrative, Technical, Physical, Organizational, and Policies and Procedures standards required by HIPAA Security.  Educational modules are appropriately segmented to allow for optimal training and greater ease of implementation.
  •  A multiple question assessment questionnaire addresses critical components for each of the standards identified in the bullet point above.  This allows healthcare organizations to perform a very thorough Security Risk Assessment as required by HIPAA Security and Meaningful Use.
  •  Individualized video training and printed tips are provided to assist with fully understanding and properly answering SRA questions.
  •  Downloadable and customizable forms and checklists are available throughout the SRA Tool to help ensure that healthcare organizations are equipped with the appropriate documentation to complete the SRA requirement.
  •  Your time is valuable and because the SRA process is very comprehensive, the SRA training and assessment videos are compartmentalized to allow practices to easily manage time to progress through this tool at your own pace.

Benefits of the Security Risk Assessment Tool

CCS Help Desk access is available to provide assistance and guidance for SRA Tool users.  Our Help Desk specialists are trained and certified in areas of coding, compliance, auditing and more.

The detail of the SRA Tool will provide confidence in the structure of the healthcare organization's HIPAA Security related policies and procedures.

Components of the Security Risk Assessment can be overwhelming and difficult to understand.  CCS has structured the SRA Tool and training modules in a manner that serves as a learning guide to SRA completion. 

This will help to best understand each question, appropriately answer each question and effectively create or update necessary policies and procedures as required by HIPAA Security.

The SRA tool contains a progress monitor which helps you to track your status of completion.  Users may start again where they have left off from the previous login.

To learn more about the SRA Wizard click here



Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.

Latest articles:  (any category)

Artificial Intelligence in Healthcare - A Medical Coder's Perspective
December 26th, 2023 - Aimee Wilcox
We constantly hear how AI is creeping into every aspect of healthcare but what does that mean for medical coders and how can we better understand the language used in the codeset? Will AI take my place or will I learn with it and become an integral part of the process that uses AI to enhance my abilities? 
Specialization: Your Advantage as a Medical Coding Contractor
December 22nd, 2023 - Find-A-Code
Medical coding contractors offer a valuable service to healthcare providers who would rather outsource coding and billing rather than handling things in-house. Some contractors are better than others, but there is one thing they all have in common: the need to present some sort of value proposition in order to land new clients. As a contractor, your value proposition is the advantage you offer. And that advantage is specialization.
ICD-10-CM Coding of Chronic Obstructive Pulmonary Disease (COPD)
December 19th, 2023 - Aimee Wilcox
Chronic respiratory disease is on the top 10 chronic disease list published by the National Institutes of Health (NIH). Although it is a chronic condition, it may be stable for some time and then suddenly become exacerbated and even impacted by another acute respiratory illness, such as bronchitis, RSV, or COVID-19. Understanding the nuances associated with the condition and how to properly assign ICD-10-CM codes is beneficial.
Changes to COVID-19 Vaccines Strike Again
December 12th, 2023 - Aimee Wilcox
According to the FDA, CDC, and other alphabet soup entities, the old COVID-19 vaccines are no longer able to treat the variants experienced today so new vaccines have been given the emergency use authorization to take the place of the old vaccines. No sooner was the updated 2024 CPT codebook published when 50 of the codes in it were deleted, some of which were being newly added for 2024.
Updated ICD-10-CM Codes for Appendicitis
November 14th, 2023 - Aimee Wilcox
With approximately 250,000 cases of acute appendicitis diagnosed annually in the United States, coding updates were made to ensure high-specificity coding could be achieved when reporting these diagnoses. While appendicitis almost equally affects both men and women, the type of appendicitis varies, as dose the risk of infection, sepsis, and perforation.
COVID Vaccine Coding Changes as of November 1, 2023
October 26th, 2023 - Wyn Staheli
COVID vaccine changes due to the end of the PHE as of November 1, 2023 are addressed in this article.
Medicare Guidance Changes for E/M Services
October 11th, 2023 - Wyn Staheli
2023 brought quite a few changes to Evaluation and management (E/M) services. The significant revisions as noted in the CPT codebook were welcome changes to bring other E/M services more in line with the changes that took place with Office or Other Outpatient Services a few years ago. As part of CMS’ Medicare Learning Network, the “Evaluation and Management Services Guide” publication was finally updated as of August 2023 to include the changes that took place in 2023. If you take a look at the new publication (see references below),....

Home About Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2024 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association