← Back to BLOG

The Importance of a Security Risk Assessment (SRA)

The Importance of a Security Risk Assessment (SRA)

One of the most important aspects of complying with the HIPAA Security Rule is to perform a Security Risk Assessment, also known as a Security Risk Analysis, to evaluate how an organization is protecting patient data.  Every organization covered by HIPAA (Covered Entities and Business Associates) must perform an SRA.  According to the Office of Civil Rights (OCR), the HHS division that enforces HIPAA, the SRA is THE most important document in HIPAA compliance.  It is the document that will first be looked at in any type of audit or investigation.

In addition to providing recommendations on how to reduce a data breach, the SRA process is widely considered to be the best practice in cybersecurity circles.  Cybersecurity is an issue for all organizations to deal with, not just HIPAA covered entities. Many organizations that are not in the healthcare field conduct regular SRAs as a way of reducing risk in their business and helping keep their business systems operational.

How does it work? The SRA looks at all systems that contain electronically protected health information (ePHI or patient information). It evaluates all the threats to ePHI, looks at all vulnerabilities to the systems that contain ePHI and evaluates the current protections that are in place to protect ePHI. Based on all of the information that is gathered and evaluated the results of the SRA will show the areas of greatest risk of a breach, and provide a playbook (we call it the Work Plan) for how additional protection can lower the risk of a breach of patient information.

For many organizations, an SRA can be a time-consuming process. Let navitend make the process easier for you.  Call 973.448.0070 ext 312 and ask for Patrice to start the process of your Risk Assessment today.

Contact us at 973.448.0070


  • "I appreciate that they didn’t just build the application. They made it better by bringing ideas to the table that not only made for a better user experience, but also kept the development costs down."

    Andy Lynch / North Star Marketing
  • “Navitend’s expertise helped our firm over the past year to effectively elevate our I.T. game, powering our website into a highly interactive tool. Well done to Frank and his team!”  

    Chuck Steege, CFP®, CEP, President, SFG Wealth Planning Services, Inc.
  • "navitend has been a great IT partner for our company.  Their helpdesk response time is the best I have experienced in my 30 year career.  navitend has helped me to have great IT services without the need to have a full time, in house, technician at significant savings to our company."

    Bob Bradley, President, Bradley Graphics
  • "Our company is more efficient and has grown as a result of navitend’s work. navitend helped us get to the next level."

    Greg Niccolai / Madison Insurance
  • "I look forward to working with you again in the future. Once again, thanks to your organization for your prompt response."

    Luke Wolters / Luke Wolters Tax Consultants
  • "Thanks so much again for taking care of everything in such an expedient manner. It's a pleasure to work with navitend and its staff as always!"

    Lawrence Wolfin / Textol Systems, Inc.
  • "Thanks so much!  You are a class act!  
    You and your team have really done an excellent job on this!"

    Steve Van Ooteghem, The C12 Group in Houston, Texas
  • navitend’s approach to customer service is greatly appreciated here.  Ensuring that we are well protected from a technology standpoint provides us with peace of mind to continue our day to day operations and that they are looking out for our company's best interest. 

  • "We've dedicated our lives to growing our retail and ecommerce business and it's a relief to have found a company like navitend who treats our business likes it's their own. navitend's personal approach to project management and problem solving are top-notch."

    Stamatis, Co-owner Twisted Lily, Fragrance Boutique and Apothecary