Security Risk Analysis

It is more important now than ever before to build your risk management program using an industry framework and a proven software solution. Balance security with the unique needs of ongoing healthcare treatment, payment and operations.

HIPAA Enforcement is Becoming Commonplace

Healthcare organizations, health plans, and business associates are required to perform a HIPAA Security Risk Analysis (SRA) on an annual basis to maintain their HIPAA compliance and fulfill their responsibilities to secure and protect PHI. Our cloud-based SRA solution was designed to help organizations of all sizes to simplify and automate the complexities of achieving and maintaining HIPAA compliance.  

What is a Security Risk Analysis?

A security risk analysis (SRA) identifies risks and vulnerabilities that can leave an organization susceptible to a data breach resulting in compromised health information. Organizations that complete and review their SRA on an annual basis have the policies, procedures, and documentation in place to fulfill their obligations to PHI security and privacy, address security incidents as they happen, and provide documentation for due diligence in case of an audit.

HIPAA One Compliance Seal

Once you have completed your Security Risk Analysis, you may display the HIPAA One® Certified Compliant Seal on your website (click on ours at the footer (bottom) of our web pages). This Compliance Seal assures visitors that your organization has completed the necessary steps to work towards HIPAA compliance. Please contact us to receive your code snippet to display your own Compliance Seal and Certificate on your organization's website.

Security Risk Assessment Engagement Types


Independently Conduct your Risk Assessment. Our Self SRA Includes: 

  • Kick-off call
  • Assessor support
  • Access to policy and procedure template library
  • Customer independently conducts assessment and remediation planning
  • Customer signs final report

Facilitated Remote Assessment

Online Assistance to Conduct your Risk Analysis. Our Facilitated Remote SRA Includes: 

  • Kick-off call
  • Assessor support
  • Access to policy and procedure template library
  • Assessment responses and remediation plan reviewed by Assessor
  • Assessor signs final report

Validated Assessment

Assessor-led Risk Assessment. Our Validated SRA Includes: 

  • Evidence-based findings validated by Assessor
  • Historical trend analysis of previous HIPAA SRAs
  • Access to policy and procedure template library
  • Physical walk-through guidance
  • Criticality levels based on Common Vulnerability Scoring System (CVSS)
  • Executive and technical presentation
  • HIPAA Privacy & Breach Assessment (optional)

Every Security Risk Assessment incorporates OCR audit protocol and maps findings to the NIST Cybersecurity Framework.

HIPAA Risk Analysis Automation Software

Microsoft Corporation named HIPAA One "...the leading HIPAA compliance software and services firm..." At HIPAA One, we follow the HHS Office for Civil Rights HIPAA Audit Protocol while leveraging a "Turbo-Tax"-like self-guided workflow. Our software follows CSF and NIST-based methodologies to calculate risk automatically, then provides a living, breathing data repository to manage ongoing compliance, risk and cyber-security remediation. All documentation is maintained for single-click downloads to PDF and CSV formats.

  • 01 Gather Information

    Conduct surveys, interviews, inventory, etc.

    Participants log in, answer simple questions, and optionally import all of last year's work.

  • 02 Remediation Planning

    Results of Step 1, develop and assign tasks, calculate risks.

  • 03 Sign & Add Reviewers

    Finalize report, create an action plan, set target dates and prioritization for remediation, documentation, auto-reminders and maintenance.

  • 04 Final Report & Action Plan

    Ongoing remediation, action plan, final review and executive report.

Based on the HIPAA Audit Protocol, NIST methodologies and secure cloud technologies, HIPAA One rigorously follows this process to conduct a Security Risk Analysis per the following Federal guidance:

Assessment Process:

  • Identify Threat Sources & Events
  • Identify Vulnerabilities & Predisposing Conditions
  • Determine Likelihood of Occurrence
  • Determine Magnitude of Impact
  • Determine Risk










Let HIPAA One do the heavy lifting for your company when it comes to compliance. Make us part of your team to stay up-to-date, stay automatically compliant, and most importantly, protect your clients' information.


Join Us in Our Mission to Simplify HIPAA Compliance!

Simple. Automated. Affordable.
