HHS SRA Tool

The Security Risk Assessment (SRA) Tool is meant to assist small and medium providers and professionals as they perform a risk assessment.

The SRA Tool takes you through each HIPAA requirement by presenting a question about your organization’s activities. Your “yes” or “no” answer will show you if you need to take corrective action for that particular item. There are a total of 156 questions.

• Resources are included with each question to help you:
• Understand the context of the question
• Consider the potential impacts to your PHI if the requirement is not met
• See the actual safeguard language of the HIPAA Security Rule