Updated Security Risk Assessment Tool 3.4 Now Available

Sep 13, 2023
The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are pleased to announce the release of version 3.4 of the Security Risk Assessment (SRA) Tool.

The Security Risk Assessment (SRA) Tool is designed to help healthcare providers conduct a risk analysis as required by the HIPAA Security Rule. Identifying and assessing potential risks and vulnerabilities to electronic protected health information (ePHI) is foundational to implementing security measures to protect ePHI. As hacking and ransomware attacks continue to increase within the health care sector, it’s now more important than ever, for organizations to improve their cybersecurity.

The downloadable SRA Tool is a desktop application that walks users through the security risk assessment process using multiple-choice questions, threat and vulnerability assessments, and asset and vendor management. References and additional guidance are given along the way. Reports are available to save and print after the assessment is completed.

The latest version contains a variety of feature enhancements based on user feedback and public input. New features include:

  • A Remediation Report to help track your responses within the tool
  • A Glossary and “Tool Tips” help
  • Updated references to Health Industry Cybersecurity Practices (HICP) for 2023 Edition
  • Bug fixes and stability enhancements

Download SRA Tool