Security Risk Analysis

It is more important now than ever before, to build your risk management program on a methodical and proven software solution. Balance security with the unique needs of ongoing healthcare treatment, payment and operations.

HIPAA Enforcement is Becoming Commonplace

As a result of the changes driven by The HITECH (Health Information Technology for Economic and Clinical Health) Act, all Covered Entities and Business Associates must be compliant. Completing a formal Security Risk Analysis is an essential step in doing so.  Breaches over 500 must be reported within 60 days (less for many States). 

Audits requiring a current HIPAA Security Risk Analysis can be triggered by: Medicare Promoting Interoperability, Payment Program Eligibility (MIPS), Patient Complaints, Random Audit Programs, Breach Notice (Hacking Incident, Theft or Loss, Unauthorized Access, etc.), State Attorney Generals, or Breaches by Business Associates. 

What is a Security Risk Analysis?

A security risk analysis (SRA) identifies risks and vulnerabilities that can leave an organization susceptible to a data breach resulting in compromised health information. According to the Office of Health and Human Services, a Security Risk Analysis must be completed and reviewed each year and its documentation proves due-diligence.

HIPAA One Compliance Seal

HIPAA One Compliant Seal

Once you have completed your Security Risk Analysis, you may display the HIPAA One® Certified Compliant Seal on your website (click on our's at the footer (bottom) of our web pages). This Compliance seal assures visitors that your organization has completed the necessary steps to work towards HIPAA compliance. Please contact us at [email protected] to receive your code snippet to display your own Compliance Seal and Certificate on your organization's website.

HIPAA Risk Analysis Automation Software

Microsoft Corporation named HIPAA One "...the leading HIPAA compliance software and services firm..." because we recommend Office 365's Cloud Security and Compliance features for healthcare.  At HIPAA One, we follow the HHS Office for Civil Rights HIPAA Audit Protocol while leveraging a "Turbo-Tax"-like self-guided workflow. Our software follows CSF and NIST-based methodologies to calculate risk automatically then provide a living, breathing data repository to manage ongoing compliance, risk and cyber-security remediation.  All documentation is maintained for single-click downloads to PDF and CSV formats.

Our online software allows collaboration and delegation between departments (many hands make light work) covering physical, administrative and technical safeguards.  Cybersecurity updates and natural-language surveys cover current threats that satisfies regulatory enforcement and industry standards for cloud or traditional IT infrastructures.  Advanced features ensure true scale-ability for organizations of all types and sizes.

  • 01

  • Gather

    Conduct Surveys, Interviews, Inventory, etc.

    Participant login, answer simple questions, and optionally import all of last year's work.

  • 02

  • Remediation Planning

    Results of Step 1, develop and assign tasks.

  • 03

  • Sign & Add Reviewers

    Ongoing remediation and documentation automatically maintained.

Based on the HIPAA Audit Protocol, NIST methodologies and secure cloud technologies, HIPAA One rigorously follows this process to conduct a Security Risk Analysis per the following Federal guidance:

Assessment Process:

  • Identify-Threat-Sources

    Identify Threat Sources & Events

  • Identify-Vulnerable

    Identify Vulnerable & Predisposing Conditions

  • Determine

    Determine Likelihood of Occurrence

  • Determine-Magnitude

    Determine Magnitude of Impact

  • Determine-Risk

    Determine Risk









Pass Rate

five star review


Star Reviews

Let HIPAA One do the heavy lifting for your company when it comes to compliance. Make us part of your team to stay up-to-date, stay automatically compliant, and most importantly, protect your client's information.


Join Us in Our Mission to Simplify HIPAA Compliance!

Simple. Automated. Affordable.

Scroll to Top