​SOLICITATION: ONC Security Risk Assessment (SRA) Tool 2.0

Posted (Last updated )

ONC maintains the Security Risk Assessment (SRA) Tool. First released in 2014, the SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help healthcare providers conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Healthcare providers of all sizes may use the tool, but the target audience is medium and small providers. The application, available for downloading at www.HealthIT.gov/security-risk-assessment, also produces a report that can be provided to auditors…

The purpose of this task order is to create:

  • A revised version of the SRA Tool that is measurably more usable than the current version; A mechanism to update SRA Tool questions without requiring a full update of the tool; Develop plain-language questions that educate and assist a user in a small provider practice in performing a security risk assessment. The revised version of the SRA Tool will be used to assist small & medium sized healthcare providers in performing security risk assessments. This includes usability updates to the interface, workflow improvements, and rewording questions to be more open-ended and to use plainer language. It’s anticipates that this project will be a iterative, employing agile project management and best practice development standards, with several incremental SRA Tool releases as functionality is developed.
  • Due Date: 8/25/2016 10: 00 AM

  • G2X TAKE: Based on feedback received from the healthcare providers, this task is an effort to redesign and develop the next generation of this security risk assessment tool. The incumbent on this is believed to be Morgan Borszcz with NJ based interactive firm DScape. These two combined for the first release of the “Security Risk Assessment” app in 2013 and were rewarded with an extension late last year.

    In addition to their experience designing and developing this application that walks stakeholders through the Security Risk Assessment process, Morgan Borszcz Consulting, a minority, woman-owned small business, has extensive experience supporting ONC as they develop and execute plans for communicating health information privacy and security messaging to OCPO’s diverse stakeholder population.

    This RFQ was released through HHS PSC as an unrestricted competition. Need a copy of the SOW? Email us at admin@g2xchange.com


    Have something you would like to add? Comment below

    Note: You will need to be logged in as a member to see comments and participate in the discussion.