sra tool user guide...required for compliance with the hipaa security rule’s requirements for risk...
TRANSCRIPT
![Page 1: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/1.jpg)
DISCLAIMER The Security Risk Assessment Tool at HealthIT.gov is provided for
informational purposes only. Use of this tool is neither required by nor guarantees compliance with
federal, state or local laws. Please note that the information presented may not be applicable or appropriate for all health care providers and professionals. The Security Risk Assessment Tool is not intended to be an
exhaustive or definitive source on safeguarding health information from privacy and security risks. For more information
about the HIPAA Privacy and Security Rules, please visit the HHS Office for Civil Rights (OCR) Health Information Privacy website at: www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
NOTE: The NIST Standards provided in this tool are for informational purposes only as they may reflect current best practices in information technology and are not
required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice or as
recommendations based on a provider or professional’s specific circumstances. We encourage providers, and professionals to seek expert advice when evaluating the use of this tool. Create Date: October 16, 2018
Security Risk
Assessment Tool v3.2
User Guide
![Page 2: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/2.jpg)
Contents
![Page 3: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/3.jpg)
•
•
•
•
•
•
•
![Page 4: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/4.jpg)
![Page 5: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/5.jpg)
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
![Page 6: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/6.jpg)
•
•
•
•
•
![Page 8: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/8.jpg)
![Page 9: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/9.jpg)
![Page 10: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/10.jpg)
![Page 11: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/11.jpg)
![Page 12: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/12.jpg)
![Page 13: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/13.jpg)
![Page 14: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/14.jpg)
![Page 15: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/15.jpg)
![Page 16: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/16.jpg)
![Page 17: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/17.jpg)
![Page 18: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/18.jpg)
![Page 19: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/19.jpg)
![Page 20: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/20.jpg)
![Page 21: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/21.jpg)
![Page 22: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/22.jpg)
![Page 23: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/23.jpg)
![Page 24: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/24.jpg)
![Page 25: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/25.jpg)
![Page 26: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/26.jpg)
![Page 29: SRA Tool User Guide...required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice](https://reader034.vdocuments.net/reader034/viewer/2022051905/5ff76daad29b455c0f347d9e/html5/thumbnails/29.jpg)