Building a Better Health Data Security Risk Assessment Tool

We worked with HHS to develop a more robust and user-friendly tool to help small practices comply with the HIPAA Security Rule.

Card image cap

Overview

Altarum helped the Office of the National Coordinator for Health Information Technology (ONC) improve usability of an online Security Risk Assessment tool designed for health care professionals to identify potential risks and vulnerabilities of their health data, and to ensure they are in compliance with the HIPAA Security Rule.

Our Approach

We assessed the existing ONC tool, conducted usability testing, and gathered feedback from users about their experience. Based on the results, we created a user-friendly interface, integrated built-in reference tools for all HIPAA standards and ePHI safeguards, and added a software wizard that uses branching logic to guide users through each step of the process. Finally, we decoupled the system to allow ONC to easily update the tool remotely with new regulations and standards.  

Results

The new tool is playing a vital role in assisting health care providers in complying with federal security standards and staying abreast of cybersecurity best practices. For the U.S. Department of Health and Human Services’ ONC and OCR agencies, the enhanced SRA tool strengthens their ability to easily provide data security analyses and assessments that offer the most up-to-date guidance for protecting protected electronic health data. In addition, the tool has been readily embraced by users; within three weeks of its release by ONC, it was downloaded more than 10,000 times.

Building a Better Health Data Security Risk Assessment Tool Contact

Contact Us

Laura Rappleye

Laura Rappleye

Deputy Director, Connected Health

Areas of Expertise
  • Interoperability Standards Development
  • Public Health and Clinical Integration
  • Health Information Exchange

Laura has 20 years of experience planning and implementing health IT solutions in public health and clinical care settings. She specializes in advancing population health through integrating clinical and public health data sets. Laura has led the creation of standardized implementation guides and automated data quality assurance and validation tools for the state of Michigan. Laura serves as a co-chair for the Health Level Seven (HL7) Public Health Work Group.