HHS has released a new security risk assessment tool to help providers, and perhaps business partners, uncover potential weaknesses in their security policies, processes and systems. Using the tool, providers will be guided as they address risk and security practices and failures such as:
- personnel issues
- defining and managing access
- technical and physical security
In addition to helping providers manage their risks and comply with the HIPAA Security Rule, I believe the tool is also helpful with business continuity planning efforts. Think about it - will the organization be able to survive if there is a breach or if security weaknesses become widely known? How does security change during a disaster?