Security Risk Assessment Tool Updated

Mary Madison, RN, RAC-CT, CDP
Clinical Consultant – Briggs Healthcare

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a risk assessment of their healthcare organization. A risk assessment helps your organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organization’s protected health information (PHI) could be at risk. To learn more about the assessment process and how it benefits your organization, visit the Office for Civil Rights’ official guidance.

The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), developed a downloadable Security Risk Assessment (SRA) Tool to help guide you through the process. The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule. The target audience of this tool is medium and small providers; thus, use of this tool may not be appropriate for larger organizations.

SRA Tool for Windows

The SRA Tool is a desktop application that walks users through the security risk assessment process using a simple, wizard-based approach. Users are guided through multiple-choice questions, threat and vulnerability assessments, and asset and vendor management. References and additional guidance are given along the way. Reports are available to save and print after the assessment is completed.

This application can be installed on computers running 64-bit versions of Microsoft Windows 7/8/10/11. All information entered into the tool is stored locally on the user’s computer. HHS does not collect, view, store, or transmit any information entered into the SRA Tool.

Download Version 3.4 of the SRA Tool for Windows [.msi – 70.4 MB]

SRA Tool Excel Workbook

This version of the SRA Tool takes the same content from the Windows desktop application and presents it in a familiar spreadsheet format. The Excel Workbook contains conditional formatting and formulas to calculate and help identify risk in a similar fashion to the SRA Tool application. This version of the SRA Tool is intended to replace the legacy “Paper Version” and may be a good option for users who do not have access to Microsoft Windows or otherwise need more flexibility than is provided by the SRA Tool for Windows.

This workbook can be used on any computer using Microsoft Excel or another program capable of handling .xlsx files. Some features and formatting may only work in Excel.

Download Version 3.4 of the SRA Tool Excel Workbook [.xlsx – 128 KB]

SRA Tool User Guide

Download the SRA Tool User Guide for FAQs and details on how to install and use the SRA Tool application and SRA Tool Excel Workbook.

Download SRA Tool User Guide [.pdf – 3.3 MB]

What’s new in Version 3.4: 

  • Remediation Report – Track response to vulnerabilities inside the tool
  • Glossary & tool tips – Hover over terms to get more information
  • HICP 2023 edition references
  • Bug fixes, usability improvements

SRA Webinars

ONC held 3 webinars with a training session and overview of the Security Risk Assessment (SRA) Tool. The slides for these sessions are posted here; a recording of the webinar (1 hour 3 minutes) is found here.

More information is available on this website – the Official Website of The Office of the National Coordinator for Health Information Technology (ONC).