The question is asked of HIPAA subject matter experts with an almost maddening frequency: “How often do I need to conduct a HIPAA Security Risk Analysis (SRA)?” In 2010, the Department of Health and Human Services’ Office for Civil Rights issued guidance on the topic. The guidance did not spell out how often the analysis is to be performed. Yet, the guidance [...]