HHS’s Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP) have released Security Risk Assessment (SRA) Tool v3.6, a free resource to help covered entities and business associates meet the HIPAA Security Rule’s risk-analysis requirement. The desktop tool uses a simple, wizard-based workflow and generates printable reports—ideal for small and medium providers.

What’s new in v3.6

• Updated, NIST-aligned risk scale
• Enhanced reports and refreshed library files (installed with the app)
• Improved questions, responses, and education throughout
• New section approval/confirmation capture (approver name & date) for audit trails

Get it / Learn more

• Download SRA Tool v3.6 for Windows (.msi ~73 MB)
• User’s Guide and additional resources

Note: Larger organizations may prefer enterprise Governance, Risk, and Compliance (GRC) platforms; the SRA Tool is primarily intended for small–medium practices.