Recently the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), developed an updated free downloadable Security Risk Assessment (SRA) Tool to help guide health care providers conduct a security risk assessment as required by the HIPAA Security Rule. The target audience of this tool is medium and small providers that may lack resources or the expertise of full-time system security officers.
Fast Facts and links to the Free SRA Tools:
- The SRA Tool runs on your computer and is not connected to or accessible by any government agency or other entity.
- There are no requirements to use the tool or to submit any information from the tool to any entity.
- The SRA Tool is a downloadable desktop Windows-based application that walks users through the security risk assessment process using a simple, wizard-based approach. Users are guided through 125 multiple-choice questions about threat and vulnerability assessments and asset and vendor management. References and additional guidance are given along the way. Reports are available to save and print after the assessment is completed.
- A downloadable Excel Workbook version of the SRA Tool takes the same content from the Windows desktop application and presents it in a familiar spreadsheet format. The Excel Workbook contains conditional formatting and formulas to calculate and help identify risk in a similar fashion to the SRA Tool application. This version of the SRA Tool is intended to replace the legacy "Paper Version" and may be a good option for users who do not have access to Microsoft Windows or otherwise need more flexibility than is provided by the SRA Tool for Windows.