HHS has developed a Security Risk Assessment (SRA) tool to help providers comply with a Health Insurance Portability and Accountability Act (HIPAA) requirement that covered entities conduct a risk assessment to ensure compliance with HIPAA’s administrative, physical, and technical safeguards and to determine where electronic protected health information could be at risk. The SRA tool is intended to help entities regulated under HIPAA better understand potential vulnerabilities and identify safeguards that they could institute.