A free, plain-English Security Risk Assessment built for the clinic where the office manager is the Security Officer. A live 2026 Security Rule readiness meter shows exactly where you stand — mandate by mandate, severity-weighted — and turns every gap into a tracked plan. All without your patient data ever leaving your machine.
Ward mirrors the ONC/HHS SRA Tool's rigor and adds what nobody in the small-practice price band ships well: a live, severity-weighted 2026 readiness meter, and the modules the new rule turns into requirements — asset inventory, written policies, recurring-test tracking, and an incident & breach log with built-in notification deadlines.
Administrative, physical, and technical safeguards across the full HIPAA Security Rule — each question in plain English, tied to the exact 45 CFR citation.
Ten headline 2026 mandates, each scored Ready / Partial / Gap and weighted by severity — and each labeled proposed or final so you know what's settled. Your single most-important number, live as you answer.
Risk management, not just analysis. Give every gap — and every 2026 mandate — an owner, target date, and status. Ward flags what's overdue and sorts the 2026-required items first.
The 2026-required inventory of every system that touches ePHI, with a written data map. Ward flags any asset that holds ePHI but isn't encrypted.
Ten editable, plain-English HIPAA policy templates — each CFR-cited — with local version history and workforce attestation. Export the whole manual.
Track the recurring 2026 obligations — vuln scans, pen tests, BA verification, backup-restore and IR-plan tests. Ward computes the next due date and warns you before it lapses.
Rate each gap by likelihood × impact into Low / Moderate / High, ranked into an audit-ready risk-management plan.
Track every business associate, their ePHI access, and BAA status — and the 2026 vendor-verification expectation.
Document security incidents and breach determinations as 45 CFR 164.308(a)(6) requires — and Ward computes the Breach Notification Rule deadlines (individuals, HHS, media) from the discovery date, flagging anything overdue.
Track who's on staff, the courses they owe, and completion dates — with annual-renewal flags and an exportable training log auditors ask for.
It all runs in your browser. Your answers and patient data stay on your machine. Nothing to leak, nothing in someone else's cloud — and the local tier is free.
Work through the 7 safeguard areas. Each has plain-English guidance — no security background needed.
For each gap, pick a threat and rate likelihood and impact. Ward computes Low / Moderate / High automatically.
The severity-weighted meter shows which 2026 mandates you've met and what's left. Assign each gap and each mandate an owner, target date, and status — Ward flags what's overdue.
One click bundles the SRA, risk-management plan, POA&M, 2026 gap report, asset inventory, policy manual, cadence log, and incident & breach log into an OCR audit binder. Print to PDF for your records or an auditor.
Ward opens to one number: how ready you are for the proposed 2026 Security Rule. Ten headline mandates roll up into a live, severity-weighted meter — a missed critical (encryption, MFA, risk management) moves it more than a moderate one — with the exact gaps ranked by what to fix first.
Office managers, practice owners, and fractional CISOs use Ward to finish a real SRA without a security background — or a hospital budget.
"I'm the office manager, the scheduler, and apparently the Security Officer. Ward got us a finished risk assessment in an afternoon — and nothing left the building."
"The 2026 readiness meter is the first time anyone showed me, in plain English, exactly what we still have to fix before the new rule lands."
"As an MSP I was paying per-client for tools that still didn't have a real SRA. Ward bundles the whole program for a fraction."
Illustrative scenarios representing Ward's target users while the product is in early access.
The named alternatives are cloud-only and priced for hospitals or funded startups. Ward sits in the small-practice band with more included.
| Ward | Accountable | Medcurity | Compliancy Group | |
|---|---|---|---|---|
| Entry price | $0 / $159/mo | $199/mo | ~$499/yr | ~$2k–$8k+/yr |
| Free SRA questionnaire + 2026 meter | ✓ | trial | ✗ | ✗ |
| Local-first PHI | ✓ | ✗ | ✗ | ✗ |
| 2026 readiness meter (per-mandate, weighted) | ✓ | partial | partial | partial |
| Asset inventory · policies · cadence tracking | ✓ Solo | partial | partial | tiered |
| Vuln/pen-test & custom roles | included | $799 tier | upsell | tiered |
The free local SRA questionnaire and 2026 readiness meter are an ONC-tool replacement that runs on any machine. Start now; no signup, no card, no PHI in anyone's cloud.
Start your free SRAWhat "free" actually includes — and how it replaces the ONC tool.
The ONC tool is Windows-only. Ward runs on Mac, Linux, and the browser.
Run a templated SRA across every client and bulk the 2026 gap report.
vs. the ONC SRA Tool, Accountable, Medcurity, and Compliancy Group.