HIPAA Security Risk Assessment · Free · Local-first

Your HIPAA Security Officer in a box.

A free, plain-English Security Risk Assessment built for the clinic where the office manager is the Security Officer. See where you stand against the 2026 Security Rule — without your patient data ever leaving your machine.

Everything an auditor asks for — in an afternoon

Ward mirrors the ONC/HHS SRA Tool's rigor and adds the one thing nobody in the small-practice price band ships well: a one-click 2026 readiness report.

Guided 7-section SRA

Administrative, physical, and technical safeguards across the full HIPAA Security Rule — each question in plain English, tied to the exact 45 CFR citation.

Risk register & heatmap

Rate each gap by likelihood × impact into Low / Moderate / High, ranked into an audit-ready risk-management plan.

2026 readiness meter

Encryption everywhere, MFA on ePHI, the end of "addressable," 72-hour breach expectations — mapped to a live readiness score.

Local-first by default

It runs in your browser. Your answers and patient data stay on your machine. Nothing to leak, nothing in someone else's cloud.

Reports & print-to-PDF

Export a full SRA, executive summary, POA&M, and risk register to Markdown/CSV, or print an audit binder — all client-side.

Vendors & BAAs

Track every business associate, their ePHI access, and BAA status — and the 2026 vendor-verification expectation.

From zero to audit-ready, in four steps

Answer the questions

Work through the 7 safeguard areas. Each has plain-English guidance — no security background needed.

Rate your risks

For each gap, pick a threat and rate likelihood and impact. Ward computes Low / Moderate / High automatically.

Check your 2026 readiness

The meter shows exactly which new mandatory items you've met and what's left — with what to do for each.

Export your binder

Generate the SRA, risk-management plan, and POA&M. Print to PDF for your records or an OCR auditor.

Common questions

Is Ward really a free HIPAA Security Risk Assessment tool?

Yes. Ward Free is a genuinely complete Security Risk Assessment — all 7 safeguard areas, the risk register and heatmap, the 2026 readiness meter, vendor/BAA tracking, and exports — at $0, with no signup and no card. It's built to replace the free ONC/HHS SRA Tool for clinics that need a Mac/Linux- and browser-friendly option.

How is Ward different from the ONC SRA Tool?

The ONC SRA Tool is Windows-only and SRA-only. Ward runs in any browser (and as a desktop app on Mac, Windows, and Linux), keeps the same rubric-based rigor, and adds a one-click 2026 Security Rule readiness report plus a vendor/BAA tracker — while keeping the gov tool's best feature: your patient data never leaves your machine.

Does my patient data (PHI) stay private?

Yes. Ward is local-first: your answers and any patient data are stored in your own browser or on your own device, never uploaded to our servers by default. Reports are rendered on your machine. Optional cloud sync (a paid feature) syncs control state, not patient data.

What is the 2026 HIPAA Security Rule and why does it matter?

The proposed 2026 overhaul ends the "addressable vs. required" distinction and makes encryption everywhere, MFA on ePHI, regular vulnerability scans, asset inventory, and business-associate verification mandatory. Every small practice has to re-baseline — and Ward's readiness meter shows exactly where you stand.

Who is Ward for?

Small healthcare practices and business associates in the USA and Canada — primary care, dental, behavioral health, optometry, chiro, PT, med spas, billing companies — where the office manager or owner is the designated HIPAA Security Officer with no security background. There's also an MSP multi-client console.

You don't need a security team. You need Ward.

The free local SRA is genuinely complete — an ONC-tool replacement that runs on any machine. Start now; no signup, no card, no PHI in anyone's cloud.
