An IT managed services company, located just outside SunTrust Park, home of the Atlanta Braves | 770-933-7011

HIPAA Security Risk Assessment

The Security Risk Assessment (SRA) is required annually for healthcare facilities to be compliant with the HIPAA Security Rule and HITECH Act. In addition, for healthcare facilities participating in Meaningful Use incentive measures, the SRA is a critical component.

What We Offer


The SRA is a review of your security management process, security policies, procedures and documentation, security and your workforce, data, practice, vendors and contingency planning. Upon completion of the SRA, a Risk Report will be provided that includes a Risk Assessment Rating, Vulnerabilities and Areas for Review.


SunLink Health Systems Technology reviews your risk in the following five areas of HIPAA.

Administrative Safeguards

The Security Rule defines administrative safeguards as, “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”

Physical Safeguards

The Security Rule defines physical safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” The standards are another line of defense (adding to the Security Rule’s administrative and technical safeguards) for protecting EPHI.

Policies, Procedures and Documentation Requirements

In addition to the policies, procedures and documentation contained throughout the Security Rule, § 164.316 sets forth specific requirements for all policies, procedures and documentation required by the Rule.

Organizational Requirements

These standards provide the specific criteria required for written contracts or other arrangements for business associates and group health plans under the HIPAA Security Law.

Technical Safeguards

The Security Rule defines technical safeguards in § 164.304 as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”

Elevate Your SRA with Optional Add-On Services

Vulnerability Testing

Vulnerability scans and vulnerability assessments search systems for known vulnerabilities. A penetration test attempts to actively exploit weaknesses in an environment. Regular vulnerability scanning is necessary for maintaining information security. 

Phishing Simulation

Educating your employees is an essential part of any defense. It can help you improve awareness, change users’ behavior, and reduce risk. Simulation emails help employees understand how to spot an advanced attack and prevent future breaches.

Ready to get started?

Get in touch by phone 770-933-7011 or email.