Security Risk Assessment (SRA) Services

UL’s Security Risk Assessment (SRA) services allow healthcare providers to stop worrying about security vulnerabilities and focus on patient care.


Theft of patient medical records and personal information is on the rise. Health Information is being recognized as a valuable commodity on the black market and recent news has unveiled the susceptibility of health organizations to breaches, sometimes resulting in severe penalties. UL’s Security Risk Assessment (SRA) services identify vulnerabilities in healthcare settings allowing healthcare providers to focus on patient care. All of UL’s SRA services can be tailored to meet an individual practice or hospital’s needs.


For healthcare professionals, patient care and HIPAA Compliance are top priorities. UL’s services are specifically crafted with the healthcare professional in mind working hand in hand towards a common goal of integrity and patient wellbeing.

UL’s extensive qualifications in the areas of Healthcare and IT Security allow us to efficiently conduct an SRA tailored to a hospital or clinic’s individual needs without tying up valuable resources. We use a combination of on-site, remote and automated assessment techniques to ensure a thorough and rapid assessment. We foster long term relationships to ensure assessments are up to date in a rapidly changing environment, and our process and reports work for both HIPAA and MU, greatly reducing breach liability.

Services Include

Compliance Workshops 

UL conducts onsite, public or remote Security Risk Assessment workshops. The hands-on, interactive workshop provides a clear and practical understanding of the security requirements with interactive examples. At the end of the workshop, attendees will walk away with the ability to evaluate their facility to identify security risks and better protect patient information.

HIPAA Security Risk Assessment

An assessment is conducted either onsite at the covered entity’s facility or remotely. The assessment includes personnel interviews, policy conformance, and a physical security review. Following the assessment, a report is delivered that clearly identifies, categorizes, and quantifies the identified security risks. The output of this report can be used as the basis for the risk management plan and Meaningful Use (MU) SRA attestation.

UL offers three levels of SRA’s:

  • Remote Guidance SRA - For those entities with a limited budget and staff, we conduct the risk assessment remotely to help cut costs for smaller clinics, specialty offices, pharmacies, and business associates.
  • Basic SRA - A one-day onsite risk assessment where UL will assist the provider or hospital in going through a risk assessment questionnaire. For larger sites, the risk assessment can be extended to multiple days.
  • Audit and Post Breach SRA - UL conducts an onsite assessment of the covered entity’s facility over a 3 – 5-day audit. This extensive assessment goes through the HHS toolkit with results that facilitate the creation of a Risk Management Plan with potential mitigation strategies for identified risks. This option is beneficial for all covered entities but especially recommended for those that have had a breach occur.


Related news

Get in touch