Healthcare Security Risk Assessment (SRA)

A Better Way to Manage Your HIPAA Security Compliance


Our Security Risk Assessment (SRA) offering now combines Intraprise Health’s highly rated security services with the industry’s leading HIPAA SRA software platform, HIPAA One®, to deliver a complete SRA solution for healthcare.

Customers can now leverage our comprehensive SRA assessor services through HIPAA One’s software platform (built on the NIST Cybersecurity Framework). SRA customers can access our assessor’s notes and findings through the HIPAA One platform.  During and upon completion of the assessment, auto-generated reporting, including the final report of findings, as well as HIPAA One’s remediation management module can be utilized for an enterprise-wide, full-lifecycle and scalable approach to HIPAA security and compliance.

Learn about HIPPA One SRA software

Healthcare SRA Process

During the course of a Security Risk Assessment we will:

  • Map vulnerabilities identified to both HIPAA (as amended by HITECH and the Omnibus 2013 Final Rule), NIST Cybersecurity Framework and the HITRUST CSF
  • Ensure HIPAA Compliance
  • Draft a comprehensive Report of Findings incorporating practical, real-world remediation recommendations
  • Present findings and recommendations in stakeholders’ briefing session(s)
  • Provide subject matter expertise for senior management decisions, regarding risk
  • Assist with alignment of strategy, business objectives, and information assurance

We provide the structure, detail, and clarity you need to:

  • Evaluate HIPAA/HITECH compliance
  • Document current state of security controls
  • Meet the requirements associated with Meaningful Use
  • Identify gaps that pose true business risk
  • Create a practical remediation roadmap
  • Establish a sustainable operating model for information security and privacy


Healthcare SRA Engagement Types

Self Assessment

Independently Conduct your Risk Assessment

Self SRA Includes:

  • Kick-Off call
  • Assessor Support
  • Access to policy and procedure template library
  • Customer independently conducts assessment & remediation planning
  • Customer signs final report

Facilitated Remote Assessment

Online Assistance to Conduct your Risk Assessment

Remote SRA Includes:

  • Kick-Off call
  • Assessor Support
  • Access to policy and procedure template library
  • Assessment responses and remediation plan reviewed by Assessor
  • Assessor signs final report

Validated Assessment

Assessor-led Risk Assessment

Validated SRA Includes:

  • Evidence based findings validated by Assessor
  • Historical trend analysis of previous HIPAA PBRA’s
  • Online walk-through practice
  • Criticality levels based on Common Vulnerability Scoring System (CVSS)
  • Executive and Technical Presentation
  • HIPAA Security Risk Assessment (optional)

Additional Information

Blog Post

Focused SRA: Remote Work for Healthcare Organizations in the Age of COVID-19


Performing an Annual Security Risk Assessment

SRA Checklist

Take a fresh look at your Annual Security Risk Assessment


Ready to get started? Have questions for our HITRUST, HIPAA or security teams?

We’re happy to help.