The SRA tool is designed to help practices internally conduct and document a risk assessment in a thorough, organized fashion by allowing them to assess the information security risks in their organizations. You can save the information on your own system. The tool is available for downloading at http://www.healthit.gov/providers-professionals/security-risk-assessment-tool. The SRA takes providers through a tutorial of the same issues that would be addressed in an audit (but here, you can evaluate the questions yourself before you have to answer them in an audit). As you go through the SRA tutorial, you will answer questions about each of the regulatory sections. For each question, you can document your answers, comments, and risk remediation plans directly into the SRA tool. The SRA tool also produces a report and serves as your local repository for the information. The tool does not send your data anywhere else. However, if you answer “no,” or cannot answer a question that applies to your practice, the issue should be flagged and a plan of action should be implemented and documented immediately.
Please contact Wayne Kinkade or David Briggs of our Health Law Group if we can be of assistance.