We assessed the existing ONC tool, conducted usability testing, and gathered feedback from users about their experience. Based on the results, we created a user-friendly interface, integrated built-in reference tools for all HIPAA standards and ePHI safeguards, and added a software wizard that uses branching logic to guide users through each step of the process. Finally, we decoupled the system to allow ONC to easily update the tool remotely with new regulations and standards.
The new tool is playing a vital role in assisting health care providers in complying with federal security standards and staying abreast of cybersecurity best practices. For the U.S. Department of Health and Human Services’ ONC and OCR agencies, the enhanced SRA tool strengthens their ability to easily provide data security analyses and assessments that offer the most up-to-date guidance for protecting protected electronic health data. In addition, the tool has been readily embraced by users, having been downloaded more than 100,000 times.