Version 3.3 of the HHS Security Risk Assessment Tool Now Available

The Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) have released version 3.3 of the popular HHS Security Risk Assessment (SRA) Tool ( This tool is designed to aid small and medium sized health care organizations in their efforts to assess security risks.

The latest version of the SRA Tool contains a variety of feature enhancements based on user feedback and public input. New features include the incorporation of Health Industry Cybersecurity Practices (HICP) references, file association in Windows, improved reports, and other bug fixes and stability improvements.

Also new this year is the SRA Tool Excel Workbook. This alternative version of the SRA Tool takes the same content from the Windows desktop application and presents it in a familiar spreadsheet format. The Excel Workbook contains conditional formatting and formulas to calculate and help identify risk in a similar fashion to the SRA Tool application.

This version of the SRA Tool is intended to replace the legacy “Paper Version” and may be a good option for users who do not have access to Microsoft Windows.