A HIPAA Compliance Tool…plus so much more!

The HIPAA Security Rule requires a periodic Security Risk Analysis (SRA). Security Risk Assessment and Analysis is just the beginning. SRA+™ provides a cyclical risk management process that includes a fully documented risk assessment, risk analysis report and risk remediation plan!

True compliance is so much more; SRA+™ is so much more.

Why SRA+™

KFMC Health Improvement Partners began helping healthcare providers conduct security risk assessments (SRA) based on the HIPAA Security Rule in 2011. As the federally designated Regional Extension Center (REC) for Health Information Technology, KFMC health IT consultants used an ever-evolving assessment tool to document their findings for the Office of the National Coordinator (ONC) and later the Centers for Medicare and Medicaid Services (CMS), refining and adapting the process based on end-user feedback and changes in the regulatory environment. Through this iterative, adaptive process, KFMC developed a systematic way to document the current state of an organization’s security management plan, as well as a method and format for the remediation process. In its latest iteration, KFMC has moved its SRA program to the Web! We are pleased to introduce SRA+™.


How Does it Work?

In this step-by-step program, the HIPAA Security Rule’s implementation specifications for administrative, physical, and technical safeguards are introduced one at a time, and questions are asked to help the user assess how their organization addresses each one. As weaknesses are discovered, they are linked to identified vulnerabilities which, if exploited by various threats, could impact the privacy, integrity, and availability of electronic protected health information (ePHI). These risks are then ranked based on their likelihood and impact, providing your organization’s security team an actionable list of items to examine, and then plan, implement, and document their remediation activities accordingly.

Why do I need more than just the SRA?

Properly documenting this year’s remediation activities leads right into next year’s SRA. It’s a process that never really ends. SRA+™ makes it easy to navigate through the process, always knowing where you are and what you should do next. Perhaps the best part: you don’t have to do it alone. Our Health IT security consultants are always available to assist with the tool and the process. Safeguarding your patients’ data may sometimes require expertise beyond your usual scope of practice.

KFMC Health IT consultants bring a thorough understanding of the laws that govern the protection of patient information and the ability to assess the security of your PHI, the effectiveness of your processes, and your compliance with the HIPAA Security Rule.