Lexology September 10, 2025
In a move that underscores the growing urgency around health care cybersecurity, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released version 3.6 of its Security Risk Assessment Tool (SRA Tool). The SRA Tool is a free resource designed to help covered entities and business associates conduct HIPAA-compliant security risk assessments. It is aimed particularly at small and medium-sized providers and can be useful for any smaller entity subject to HIPAA. Non-provider entities, including business associates, may need to modify the tool to fit their operations and security infrastructure.
This update improves the usability of the tool, including by adding a “reviewed by” feature to allow organizations to track...







