MS-Excel based tool created as a basis to assess HIPAA Security Rule compliance programs. The Security Risk Analysis is a questionnaire designed for covered entities (acute and ambulatory sites) and business associates based upon the HIPAA Security Rules and NIST Guidelines. Standard, intermediate and audit formats available with dynamic question presentation. Extensive coverage of all areas of HIPAA security.

This tool has been presented to OCR and to CMS for meaningful use required security risk analysis with no pushback from the regulators. The question sets differ somewhat based upon the type of business associate or covered entity. The SRA tool is has callouts for each line item to the appropriate policies within the CompliancePro Security Policy Manual. See the SRA sample within the “Samples” link.

A. Security Risk Analysis (SRA)

If you have further questions please contact Kelly McLendon, RHIA, CHPS at [email protected].