HIPAA Security Risk Assessment Tool Released by HHS

Date posted: April 7, 2014

The Department of Health and Human Services (HHS) released a new security risk assessment (SRA) tool to aid small- to medium-sized provider practices in complying with the Health Insurance Portability and Accountability Act (HIPAA).  HIPAA requires organizations handling protected health information (PHI) to regularly review the administrative, physical and technical safeguards they have in place to protect the security of PHI.  HIPAA also requires the performance of risk assessments to help identify potential weaknesses and vulnerabilities in organizations’ systems and processes, and to aid in prevention of PHI data breaches or other adverse security events.

The HHS SRA tool is available at:


HHS is accepting public comments on the SRA tool until June 2, 2014.

The HHS press release regarding the SRA tool is available at:


Department of Health and Human Services.  “HHS releases security risk assessment tool to help providers with HIPAA compliance.”  News Release. 28 Mar. 2014.

‹ Return to the Main News Page
‹ Return to the CRC Homepage