Online HIPAA Security Risk Assessment

HIPAA requires all covered entities to evaluate the risks to and vulnerabilities of their computer systems.

The HIPAA Security Rule provides a road map for managing your cyber-risk and protecting your medical data.

This online security risk assessment guides you into compliance with all required HIPAA security policies and procedures.

Avoid any potential breach of your electronic Protected Health Information.

Use this online survey to complete your security risk assessment now.

Features of the Online HIPPA Security Risk Assessment (SRA)

This online SRA covers the entire HIPAA Security Rule. It provides your pratice with an accurate evaluation of your HIPAA compliance. You or your staff can complete the survey in the privacy of your office. There are no wrong answers. A final report gives you an assessment of where your office stands with HIPAA security and suggests how you can improve the overall security of your ePHI.

Don't just take our word for it.

Watch a walkthrough of the system

Watch Now

Read a Sample of the Security Risk Report

Review Now

Explore the security risk assessment

View Guided Tour


This HIPAA security risk assessment is based on requirements of information security that help protect the confidentiality, integrity, and availability of your patient records.

Risk Management

The online security risk assessment is based on the audit protocols used by the Office of Civil Rights when it conducts HIPAA audits. Ensure that you are meeting all of the documentation required to pass an audit.

User Friendly

Each section in the risk assessment can be completed by office staff or by business associates. Security questions guide you through the HIPAA security standards. Each question has its own drop down help menu with extensive notes.

Lower Your Costs

For just $699 your practice can save more than half the cost of an outside consultant conducting a risk assessment for you. Your office can answer the security questions and print out a risk assessment report that meets requirements of HIPAA, MIPS and Meaningful Use.

Take your security risk assessment with you.

The HIPAA Online Security Risk Assessment is designed with you in mind. You can fill out the survey anywhere, from your PC or mobile device.

Work is different today. Teams can be more collaborative and work together from many different locations. The Online Risk Assessment provides that mobile flexibility.

Sign-up Today

Benefits of the Online Security Risk Assessment

The HIPAA Security Rule requires physician practices to evaluate the security risks and vulnerabilities in their computer systems and to implement policies and procedures to address those risks and vulnerabilities.
Completing this online risk assessment helps ensure that your practice complies with the Security Rule.

Complete Coverage

Covers all sections of the HIPAA Security Rule and helps you identify every document the regulations require your practice to have. Let this website do the work for you.

Technical Inventory

Lets you add a complete inventory of the technologies you use in your practice so that you can better secure them. If you already have a technical inventory, you can upload it to a secure central storage included with this security risk assessment.

Print out Risk Assessment Report

When you complete all of the questions in the security risk assessment, you can immediately print out a Risk Assessment Report that offers steps for risk mitigation

Frequently Asked Questions

The HIPAA security standards have been in place for almost two decades. One of the first requirements of HIPAA security is for every covered entity to conduct a risk analysis to assess the practice’s vulnerabilities and risks inherent in protecting the electronic protected health information (ePHI). Physician practices that have not completed a risk assessment can face fines from the Office of Civil Rights (OCR).
The technical inventory helps you identify all of the equipment in your practice that stores or transmits electronic protected health information (ePHI). The more details you can include in this technical survey, the better documented your inventory will be.
This online risk assessment lets you assign staff members to different sections of the survey, which could be an efficient approach to completing the survey.
The risk assessment report summarizes the findings of the risk analysis and identifies policy and procedure documents that you need to develop.

Pricing for every business, at any stage

All pricing packages are backed up by a 30-day money back guarantee.

The Development Team of the Online Security Risk Assessment

The online SRA partners collectively have over a hundred of years of experience in HIPAA, Health IT, privacy and security and web and database development. Here is the team:


Christopher Sullivan, PhD

Christopher Sullivan, PhD is the Founder of HIPAA Risk Analytics and the CEO of Image Research, a communication consulting firm that specializes in medical informatics, HIPAA privacy and security, the Merit-based Incentive Payment System (MIPS), health information exchange and health data analysis. He has taught courses in these areas at Florida State University, Florida International University and Nova Southeastern University. Christopher has three decades of experience in academics, Florida State agencies, software development, health care management and education.


Sue Miller, JD

Sue Miller, JD is a national HIPAA and HITECH health care expert and strategist who has consulted with covered entities, business associates, technology companies, Affordable Care Organizations, Regional Extension Centers, state Medicaid Agencies and federal agencies such as the Office of Civil Rights, the National Institute of Standards and Technology, and the Colleges of Medicare and Medicaid. Sue developed the NIST HIPAA Security risk analysis and audit tool as well as HIPAA privacy and security tools for risk analysis and assessment, audit, breach notification and HIPAA policies and procedures, plus contingency plans, disaster recovery plans, training plans and training materials used by both covered entities and business associates.


Walt Culbertson

Walt Culbertson is the founder and President of Connecting Healthcare®, dedicated to healthcare administrative and clinical transactions success since 2004. He is host and producer of "Jacksonville's Medical Update Show" and is a featured speaker at healthcare and industry conferences, forums, summits, and events. Walt is a leading HIT educator and lecturer, healthcare technologist and HIPAA authority. Walt's first book, Miracles and Meltdowns: "What We Didn't Know About Healthcare Until It Was Too Late," is a memoir of his wiofe's five-year war with cancer and the fractured American health care system.


Isaac Sullivan

Isaac Sullivan has worked as a software professional, web developer, database manager and lead research technologist for over two decades.