Terms of use and privacy policy

Before you can sign up for SRA Online, please read the terms of service below. You must read and agree to be bound by these terms. Subscribing to SRA Online means that you have read these terms and agree to be bound by them.

By subscribing to, and using, SRA Online, you acknowledge:

• SRA Online is not legal advice, not intended to serve as legal advice, and does not replace the advice of a licensed professional.
• SRA Online is not intended to be a complete resource for ensuring the privacy and security of your practice.
• You will hold SRA Online LLC harmless in the accuracy or completeness of your security risk assessment.
• Use of the SRA tool, its materials, or SRA Online is neither required by nor guarantees compliance with federal, state or local laws. Please note that the information presented may not be applicable or appropriate for all health care providers and organizations. SRA Online is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks. Each circumstance is unique.

For more information about the HIPAA Privacy and Security Rules, please visit the HHS Office for Civil Rights Health Information Privacy website.

How SRA Online Works

SRA Online uses a modified version of the questionnaire in the HealthIT.gov SRA Tool page. Once you have completed the questionnaire, you can use SRA Online's artificial intelligence (AI) features to generate a risk analysis based on your responses.

SRA Online and its artificial intelligence features have not been reviewed or endorsed by the Department of Health and Human Services, the Office of Civil Rights, or any local, state, or federal body.

The NIST Standards referenced in SRA Online are partially based on those provided by the SRA Tool at HealthIT.gov. The standards are provided for informational purposes only as they may reflect current best practices in information technology. They are not required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. SRA Online recommends referring to the NIST Standards as you conduct any risk analyses.

Personal information SRA Online collects from you.

SRA Online collects (1) your email address and (2) your credit card information.

How we use and disclose the information we collect from you.

SRA Online uses your credit card information to collect payment for your subscription. SRA Online uses Stripe to process payments. This includes using a required fraud detection cookie from Stripe. Your credit card information is never stored in SRA Online.

SRA Online uses your email address to create your user account, send account confirmation messages, send password resets, send invoices, and send receipts.

Unless required by law, none of your personal information will ever be disclosed or sold by SRA Online without your consent.

How SRA Online uses artificial intelligence (AI)

Using a large language model, SRA Online uses your responses to the SRA questionnaire to generate a risk analysis. Without your prior consent, SRA Online will not use or disclose the results of your AI-generated analysis for any reason.

Subscriptions

SRA Online charges an annual subscription fee. The subscription price entitles a single user to use the SRA Online service. You may not share your subscription with any other practice, person, or entity. Users who violate this policy will be subject to account termination without refund.

Cancellation of subscription and refunds.

SRA Online implements a 'one-click-to-cancel' policy. You can cancel your SRA Online subscription at any time in your customer profile. Cancellations within seven days of signing up are eligible for a refund, minus Stripe's payment processing fee. You can contact the site administrator on your customer profile page if you have questions or require assistance.

Thank you for choosing SRA Online. If you have questions, you can reach me via my website.