A missing HIPAA Security Risk Assessment (SRA) is the top reason medical offices get tripped up in HIPAA and MIPS audits. A yearly SRA documented and training for all staff is required for all medical related entities. We recommend MyMeducator.com for the easiest way to complete your SRA checklist, meducate staff with e-learning programs, and perform chart audits.