HHS Issues Free Data Security Assessment Tool
 
    9/25/2025
Data Security
Technology


Recently the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), developed an updated free downloadable Security Risk Assessment (SRA) Tool to help guide health care providers conduct a security risk assessment as required by the HIPAA Security Rule. The target audience of this tool is medium and small providers that may lack resources or the expertise of full-time system security officers. 

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and its business associates conduct a risk assessment of their health care organization. A risk assessment helps organizations ensure compliance with HIPAA’s administrative, physical, and technical safeguards. It also helps reveal areas where an organization’s protected health information (PHI) could be at risk. To learn more about the assessment process and how it benefits organizations, visit the Office for Civil Rights' official guidance. 

Fast Facts and links to the Free SRA Tools: 

  • The SRA Tool runs on your computer and is not connected to or accessible by any government agency or other entity.  

  • There are no requirements to use the tool or to submit any information from the tool to any entity. 

  • The SRA Tool is a downloadable desktop Windows-based application that walks users through the security risk assessment process using a simple, wizard-based approach. Users are guided through 125 multiple-choice questions about threat and vulnerability assessments and asset and vendor management. References and additional guidance are given along the way. Reports are available to save and print after the assessment is completed.  

  • A downloadable Excel Workbook version of the SRA Tool takes the same content from the Windows desktop application and presents it in a familiar spreadsheet format. The Excel Workbook contains conditional formatting and formulas to calculate and help identify risk in a similar fashion to the SRA Tool application. This version of the SRA Tool is intended to replace the legacy "Paper Version" and may be a good option for users who do not have access to Microsoft Windows or otherwise need more flexibility than is provided by the SRA Tool for Windows. 

Related News

Technology
Prioritizing AI Investments in Senior Care
While some are moving forward with AI, others are in a wait-and-see mode. If you’re holding back on fully embracing AI, here are some discussion points to consider that will help you be successful.
READ MORE
Technology
Workforce
How a Tech-Enabled HR Approach Empowers Care Staff, Improves Retention
While technology can’t solve every problem, the right systems can help organizations reimagine their recruitment, onboarding, scheduling, and pay experiences to help boost job satisfaction, reduce burnout, and nurture teams that are happy to boast long-term retention.
READ MORE
Technology
Telemedicine
AI as an Equalizer Building Accessible Telehealth Platforms
Complex interfaces, poorly designed tools, and a lack of adaptability exclude those who need telehealth the most. Artificial intelligence (AI) is poised to change this narrative by powering solutions that prioritize accessibility.
READ MORE
View All News

Related Articles

Technology
9/10/2024
TESSA the Talking Flowerpot Robot and Innovation in Long Term Care
An aging person can benefit from innovation in patient-monitoring, adaptive, and supportive technology that may include artificial intelligence.
READ MORE
Technology
5/31/2024
Navigating the Federal Information Blocking Regulations
What you need to know about information sharing, the information blocking regulations, and why they are important to you.
READ MORE
Technology
Caregiving
5/31/2024
New Tools Grow Out of Pandemic Lessons
The Cooperative enables facilities to drill down into specifics such as how they’re performing on a certain quality measure.
READ MORE