Security Risk Assessment
SRA
The documented analysis of risks to electronic protected health information required by the HIPAA Security Rule, together with the measures taken to reduce them.
In depth
The Security Rule requires a covered entity to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of its ePHI, and to implement reasonable safeguards. For a pharmacy this is a periodic, written exercise (inventorying systems and data flows, rating risks, and tracking remediation), not a one-time checkbox. A missing or stale SRA is one of the most frequently cited HIPAA shortfalls.