Skip survey header

HIPAA Security Risk Assessment


Welcome to aNetwork's HIPAA Security Risk Assessment (SRA). The following assessment will take 10-20 minutes to complete. You can bookmark our page and save your place in the SRA so that you may complete it at your own pace.

Our HIPAA SRA is an evaluation of your healthcare organization that ensures you are compliant with HIPAA’s administrative, physical, and technical requirements.

The objective of the HIPAA risk assessment is to reveal weaknesses in the way you create, store, and handle protected health information (PHI) within your organization.

HIPAA law requires every healthcare organization or covered entity that deals with PHI to complete a HIPAA risk assessment.


This HIPAA SRA enables businesses to achieve the following:

  • Identify where and how PHI is stored, received, maintained or transmitted
  • Identify and document potential threats and vulnerabilities to PHI
  • Evaluate and identify current security measures used to safeguard PHI
  • Assess and evaluate security policies and procedures used to safeguard PHI
  • Determine the likelihood of threats and security incidents
  • Assess the likelihood and impact of a breach of PHI
  • Define and assign risk levels for vulnerability and impact combinations
  • Document assessment and take necessary action