Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What is a HIPAA risk assessment?

‍

The objective of a HIPAA risk assessment is to identify potential risks and vulnerabilities to the confidentiality, availability, and integrity of all protected health information (PHI) that an organization creates, receives, maintains, or transmits.

The U.S. Department of Health & Human Services (HHS) does not specify a particular risk analysis methodology because covered entities and business associates vary in size, complexity, and capabilities. To meet the objective of a HIPAA risk assessment, HHS suggests an organization should:

Identify where PHI is stored, received, maintained, or transmitted
Identify and document potential threats and vulnerabilities
Assess current security measures used to safeguard PHI
Assess the proper usage of existing security measures
Determine the likelihood of a reasonably anticipated threat
Determine the potential impact of a breach of PHI
Assign risk levels for vulnerability and impact combinations
Document the assessment and take action where necessary

HIPAA risk assessments are not a one-time event; they require periodic reviews when introducing new technology or implementing new work practices.

Related Terms

Additional resources you might like:

GDPR

Blog

How to make your website GDPR compliant in 8 steps

Learn the essential steps to achieve GDPR compliance for your website. Click here to learn the requirements and organizational benefits of GDPR compliance.

Compliance

Blog

How to choose the best access review software: A buyer’s guide

Learn why access review software is essential and how to choose and implement the right solution.

GDPR

Blog

GDPR basics: Everything you need to know to keep your business compliant

Learn the basics of GDPR, what GDPR compliance means for your organization, and how the GDPR rights granted to those in the EU may impact your business.

GDPR

Blog

GDPR compliance for US companies: Step-by-step guide

Learn how GDPR impacts US organizations and what it takes to achieve compliance.

GRC

Blog

How to choose the best risk management software for your organization

Understand how to manage rising organizational risk and what to look for in the right risk management software.

GDPR

Blog

An actionable guide to GDPR compliance for startups

Learn what GDPR compliance means for startups and how to achieve it while building trust and scaling with confidence.

Compliance

Blog

How to choose the best regulatory compliance software: A buyer’s guide

Find out what to look for in compliance software as AI and regulatory requirements continue to change.

Security

Events

The CISO Playbook: How Security Leaders at Calm, Perforce, Xactus, and Vanta Drive Outcomes

Hear from CISOs at Calm, Perforce, Xactus, and Vanta for The CISO Playbook - a panel on how enterprise security leaders demonstrate value to boards, manage risk at scale, and align security programs with growth and executive expectations.

Security

Blog

9 AI risks that could impact your organization—and how to mitigate them

Discover the nine most relevant AI risks that can threaten your network and systems, and explore some practical strategies to proactively mitigate them.

Follow us

What is a HIPAA risk assessment?

Related Terms

Additional resources you might like:

Additional resources you might like:

Get compliant and build trust—fast