On October 16, 2018, version 3.0 of the Security Risk Assessment (SRA) Tool was released by the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC). This tool was designed to help providers construct security risk assessments, a requirement of the HIPAA Security Rule. Updates were made to make the tool easier to use, and to include more comprehensive coverage of risks regarding the safety of health information. New features include:
- Enhanced user interface
- Modular workflow
- Custom assessment logic
- Progress tracker
- Threats/vulnerabilities tracker
- Detailed reports
- Business associate and asset tracking.
The newest version is available for Windows computers and laptops and can be downloaded here.
Detailed instructions on how to use the SRA tool can be found in the OCR's user guide, here.