Our apologies if THAT song from the 80s is now playing in your head, but it may be the reminder you need to get this required year-end to-do crossed off your list!

It’s that time of year again! The end of the year is quickly approaching, which signals the last opportunity to have a Security Risk Analysis completed for the 2016 calendar year. Have you fulfilled your obligation?

The Security Risk Analysis, or SRA, is required by HIPAA. Covered Entities and Business Associates must meet the HIPAA requirement to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of protected health information held by the organization.” Not only is a SRA required by HIPAA, but Meaningful Use and now Advancing Care Information under MIPS also demand the execution of the Security Risk Analysis process.

What’s at risk if you don’t complete an SRA during the calendar year as required? Well, a lot. The Office of Civil Rights is conducting audits and organizations are being fined to the tune of $5.5 million for lack of an appropriate Security Risk Analysis.

There’s still time! Fulfill your obligation and complete your Security Risk Analysis before December 31st.


As healthcare data experts, ScanSTAT Technologies offers a comprehensive HIPAA compliance solution, which includes a team of experts conducting your Security Risk Analysis for you. If you’d like to learn more about the ScanSTAT Security Risk Analysis solution, please email Kathryn Ayers Wickenhauser, our Regulatory Compliance Advisor, at Kathryn.Wickenhauser@ScanSTATTechnologies.com. Kathryn will provide a customized quote based on your total number of employees (including providers).

Share This