Secure your practice today
HIPAA Risk Assessment
HIPAA requires that covered entities conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the organization. This course provides a template and instructions to assist in the process of identifying the location of ePHI and the associated risks and vulnerabilities.
-
Instructional videos
Each document includes a how-to video to guide you in correctly completing the document. -
Asset inventory
This fillable template guides the process of determining where ePHI is located in the Practice. -
Risk Assessment Questionnaire
This fillable document walks the practice through key questions to consider when assessing its risks and vulnerabilities. -
Scoring
The risk assessment provides a score to indicate the level of risk the practice has based on vulnerabilities identified.
Why Do I Need a Risk Assessment?
Risk analysis is a required specification of 45 CFR 164 (HIPAA). In the event of an audit, the Office of Civil Rights may request to review the practice's past risk assessments.
The assessment not only identifies potential areas of risk to ePHI, it also helps the practice to determine what security controls are necessary to mitigate risk. For example, does your practice need to implement multi-factor authentication, or end-point encryption? The assessment helps you consider these controls and their level of necessity at your practice.
The assessment not only identifies potential areas of risk to ePHI, it also helps the practice to determine what security controls are necessary to mitigate risk. For example, does your practice need to implement multi-factor authentication, or end-point encryption? The assessment helps you consider these controls and their level of necessity at your practice.