The Office of the National Coordinator for Health Information Technology (ONC) recognizes that conducting a risk assessment can be a challenging task. That’s why ONC, in collaboration with the HHS Office for Civil Rights (OCR), developed a downloadable Security Risk Assessment (SRA) Tool to help guide you through the process. The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program.
All information entered into the SRA Tool is stored locally to the users’ computer or tablet. HHS does not receive, collect, view, store or transmit any information entered in the SRA Tool. The results of the assessment are displayed in a report which can be used to determine risks in policies, processes and systems and methods to mitigate weaknesses are provided as the user is performing the assessment. The target audience of this tool is medium and small providers; thus, use of this tool may not be appropriate for larger organizations.
The updated version of the popular Security Risk Assessment (SRA) Tool was released in October 2018 to make it easier to use and apply more broadly to the risks of the confidentiality, integrity, and availability of health information. The tool diagrams HIPAA Security Rule safeguards and provides enhanced functionality to document how your organization implements safeguards to mitigate, or plans to mitigate, identified risks. The new SRA Tool is available for Windows computers and laptops. However, the previous iPad version of the SRA Tool is still available from the Apple App StoreWeb Site Disclaimers (search under “HHS SRA Tool”).
The tool is now more user friendly, with helpful new features like:
- Enhanced user interface
- Modular workflow
- Custom assessment logic
- Progress tracker
- Threats & vulnerabilities rating
- Detailed reports
- Business associate and asset tracking
- Overall improvement of the user experience
For details on how to use the tool, download the SRA Tool 3.0 User Guide [PDF – 2.2 MB]*.