HIPAA Security Risk Assessment (SRA)

Client‑side only • No data leaves your browser • Export report via Print → Save as PDF

45 CFR 164.308, 164.310, 164.312, 164.316

This tool helps you perform an annual HIPAA Security Risk Assessment focusing on Administrative, Physical, and Technical safeguards. It calculates risk based on likelihood × impact, captures gaps and remediation plans, and assembles a printable report. No information is transmitted or stored remotely.

Total Controls
–

Answered
0

Overall Score
0%

Risk Level
–

Organization

Legal name of the Covered Entity or Business Associate

Assessment Date

When this SRA is being performed

Assessor

Name & role of who completed the SRA

Scope

Systems, facilities, ePHI repositories, business processes included

Controls Checklist

Answer: Yes (2), Partial (1), No (0)

Compliance Matrix

Overview of HIPAA Security Rule families

Risk Register

Key Threats & Vulnerabilities Summarize what could go wrong (e.g., lost laptop, phishing, misconfig, home Wi‑Fi)

Likelihood (1–5) Impact (1–5)

Risk Score: 9

Remediation Plan Actions, owners, due dates (e.g., enable MFA on email by 2025‑10‑31; Intune MDM enforce BitLocker; BAA with vendors)

Residual Risk Acceptance Document what risk remains and who approved it (if any)

Management Attestation

I attest that this assessment is accurate to the best of my knowledge, and I authorize the remediation plan.

Executive Name / Title

Date