SRASRA ReadyHIPAA Security Rule · 45 CFR §164

Self-serve compliance tooling

A HIPAA Security Risk Assessment your auditor will actually accept.

Answer 28 questions mapped directly to the HIPAA Security Rule risk-analysis requirement. Get a dated, branded SRA report and a prioritized remediation plan — the documentation OCR asks for first after a breach.

Free to assess · ~10 minutes · no account
§164.308(a)(1)(ii)(A)

Built on the rule, not a generic checklist

Every question cites the exact CFR specification it tests — administrative, physical, technical, and documentation safeguards.

Remediation

A gap list you can act on

Each control you can't check yes becomes a prioritized, plain-English remediation step ranked by severity.

PDF

An artifact, dated and signed by you

Download a branded, date-stamped report with a full response appendix — the record auditors expect you to keep for six years.

What the assessment covers

45 CFR §164.308Administrative Safeguards14 controls
45 CFR §164.310Physical Safeguards4 controls
45 CFR §164.312Technical Safeguards7 controls
45 CFR §164.316 / §164.404Policies, Documentation & Breach3 controls