Security Risk Assessment Wizard - are you at risk?

August 4th, 2016 - Chris Woolstenhulme, CPC, CMRS
Categories:   Compliance   HIPAA|PHI  
0 Votes - Sign in to vote or comment.

Visit for a Security Risk Assessment (SRA) Tool complete with training and other guidance to aid practices in the complex SRA process.  The features of this tool allow facilities to perform a detailed Security Risk Assessment in an effort to meet Federal requirements.  Compliance is an ongoing process, and part of this process is evaluating risk and taking necessary measures to ensure the policies and procedures that you have in place are adequate for your organization.  This SRA Tool will help you to accomplish that as well as have more confidence in the steps that your practice has taken in order to meet regulations.

Why Perform a Security Risk Assessment

The Security Risk Assessment is required by the HIPAA Security Rule.  Any healthcare organization that stores, transmits or maintains PHI (Protected Health Information) in electronic formats is required to adhere to the HIPAA Security Rule.  Electronic formats include fax machines, scanners, email, electronic claims submission, EHR, and more.  As such, almost every practice today will find that they are required to implement sufficient policies and procedures to comply with the HIPAA Security Rule, and they must routinely perform the Security Risk Assessment.

Meaningful Use updates released in October, 2015 reinforce the HIPAA Security Rule.  This was done in an effort to send a message to healthcare organizations that they are very strongly urged to comply with security guidelines.  It should also serve as a reminder that enforcement actions are upon us and costly sanctions will be assessed for non-compliance of this regulation.

Performing a Secuirty Risk Assessment is also a requirement for successful Meaningful Use attestation.  Practices that have previously attested to Meaningful Use are being evaluated for verification that they have indeed performed the SRA.  Those practices that have made this positive attestation of having performed a periodic SRA, that are later investigated and found to have misled the government on this topic, are being required to reimburse the government for Meaningful Use monies paid out and are liable for other sanctions as well.

Due to the aforementioned details, Security Risk Assessment compliance is actively being investigated.  Practices should consider HIPAA Security and other compliance guidelines a top priority.

Features of the Security Risk Assessment Tool

Benefits of the Security Risk Assessment Tool

CCS Help Desk access is available to provide assistance and guidance for SRA Tool users.  Our Help Desk specialists are trained and certified in areas of coding, compliance, auditing and more.

The detail of the SRA Tool will provide confidence in the structure of the healthcare organization's HIPAA Security related policies and procedures.

Components of the Security Risk Assessment can be overwhelming and difficult to understand.  CCS has structured the SRA Tool and training modules in a manner that serves as a learning guide to SRA completion. 

This will help to best understand each question, appropriately answer each question and effectively create or update necessary policies and procedures as required by HIPAA Security.

The SRA tool contains a progress monitor which helps you to track your status of completion.  Users may start again where they have left off from the previous login.

To learn more about the SRA Wizard click here



Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.

Latest articles:  (any category)

Don't Let Your QPro Certification(s) Expire! Your Certifications Matter!
June 20th, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
Hello QPro Members, Just a friendly reminder!                                                                                        ...
How to Properly Report Monitoring Patients Taking Blood-thinning Medications
June 18th, 2019 - Wyn Staheli, Director of Research
Codes 93792 and 93792, which were added effective January 1, 2019, have specific guidelines that need to be followed. This article provides some guidance and tips on properly reporting these services.
A United Approach
June 14th, 2019 - Namas
A United Approach As auditors, we all have a different perspective when evaluating documentation. It would be unreasonable to think that we all view things the same way. In my opinion, differing perspectives are what makes a great team because you can coalesce on a particular chart, work it through and ...
Documentation of E/M services for Neurology (Don't Forget the Cardiology Element)
June 13th, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
According to Neurology Clinical Practice and NBIC, the neurologic exam is commonly lacking in documentation due to the extensive requirements needed to capture the appropriate revenue. With the lack of precise documentation, it results in a lower level of E/M than that which is more appropriate, which can cost a physician a lot ...
Medicare Now Reimburses for Remote Monitoring Services (G2010)
June 13th, 2019 - Aimee Wilcox, CPMA, CCS-P, CST, MA, MT, Director of Content
Medicare's 2019 Final Rule approved HCPCS code G2010 for reimbursement, which allows providers to be paid for remote evaluation of images or recorded video submitted to the provider (also known as "store and forward") to establish whether or not a visit is required. This allows providers to get paid for ...
Now is Your Chance to Speak Up! Tell CMS What You Think!
June 13th, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
CMS is asking for your input, we all have ideas on how we would change healthcare documentation requirements and get rid of the burdensome requirements and regulations if it were up to us, so go ahead, speak up! Patients over Paperwork Initiative is being looked at to help significantly cut ...
Spotlight: Anatomy Images
June 13th, 2019 - Brittney Murdock, QCC, CMCS, CPC
When viewing CPT codes, Find-A-Code offers detailed anatomy images and tables to help with coding. For example 28445 offers a table with information to assist classification of gustilo fractures: Click on the image preview from the code information page to expand the image.

About Codapedia & Find-A-Code Contact Us Terms of Use Privacy Policy Advertise with Us

Codapedia™/Find-A-Code™ - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain) - Fax (801) 770-4428

Copyright © 2009-2019 Find A Code, LLC - CPT® copyright American Medical Association