On September 13, 2023, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) updated their jointly-created Security Risk Assessment Tool (SRA Tool). The SRA Tool is designed to help small and medium-sized healthcare practices and business associates comply with the HIPAA Security Rule by identifying and mitigating risks to systems storing or transmitting protected health information. Healthcare Partner Jordan Cohen spoke with Healthcare Risk Management about the HIPAA self-assessment tool.

Healthcare Risk Management wrote: "OCR is trying to make the tool more robust, says Jordan T. Cohen, JD, partner with Akerman in New York City. The tool will be most useful for small- to medium-sized covered entities because large entities tend to have more complicated systems to assess."

"'What OCR is really trying to do here is give everyday healthcare providers a tool to help them comply with their risk analysis requirements. Year in and year out, failure to conduct an appropriate risk analysis is probably the biggest issue that OCR sees when they’re investigating breaches,' Cohen says. 'It really grinds their gears.'"