HIPAA Risk Assessment Template

When it comes to performing your HIPAA Risk Assessment, federal HIPAA guidelines can be confusing. With a HIPAA Risk Assessment template outlining the process your practice should follow, you can mitigate your chances of leaving something out or doing extra work, all while keeping your business safe.

Let’s take a look at what exactly HIPAA regulation says about risk assessments so you can better understand your responsibilities under the law.

Understanding HIPAA Risk Assessments

HIPAA regulation is composed of several HIPAA Rules. The HIPAA Rules set national standards for the security and privacy of protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include names, dates of birth, addresses, phone numbers, email addresses, insurance ID numbers, Social Security numbers, and medical records.

HIPAA Risk Assessments are mandated by the HIPAA Security Rule. The Security Rule sets standards for the security and integrity of PHI by requiring HIPAA-beholden organizations to have appropriate safeguards in place. These safeguards must be captured and documented in your organization’s HIPAA policies and procedures so that security is maintained uniformly across your organization.

The HIPAA Security Rule is broken into three main categories: Administrative, Physical, and Technical standards. Each of these categories has associated standards that must be addressed within all HIPAA-beholden organizations.

In order to perform a complete HIPAA Risk Assessment, your organization must audit its Security measures against the standards outlined in these three categories. Some examples of standards addressed in each category include:

  • Administrative: Are all staff members properly trained on your organization’s HIPAA Security policies?
  • Physical: What kind of physical security measures (locks, alarm systems) does your organization have in place to protect against burglary?
  • Technical: What kind of cyber-security measures (firewall, antivirus, encryption) does your organization have in place to protect electronic PHI?

The Department of Health and Human Services (HHS) and the National Institute of Standards and Technology (NIST) have released two free HIPAA Risk Assessment template tools that can be accessed below:

HIPAA Resources

Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.

Compliancy Group’s team of expert Compliance Coaches® field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including guided walkthroughs of HIPAA Risk Assessments.

With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.

Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!

Join us for the upcoming webinar about Cybersecurity: Top 5 Things You Can Do Tomorrow Morning to Protect Your Practice on May 23, 2018.

Basic Telehealth Legal & Ethical Rules: HIPAA, Privacy, Working Across State Lines, Malpractice Insurance

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing, technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

1 Comment

Corporate wellness (4 years ago):

Great Post..Thank You