What is a HIPAA risk assessment?
The objective of a HIPAA risk assessment is to identify potential risks and vulnerabilities to the confidentiality, availability, and integrity of all protected health information (PHI) that an organization creates, receives, maintains, or transmits.
The U.S. Department of Health & Human Services (HHS) does not specify a particular risk analysis methodology because covered entities and business associates vary in size, complexity, and capabilities. To meet the objective of a HIPAA risk assessment, HHS suggests an organization should:
- Identify where PHI is stored, received, maintained, or transmitted
- Identify and document potential threats and vulnerabilities
- Assess current security measures used to safeguard PHI
- Assess the proper usage of existing security measures
- Determine the likelihood of a reasonably anticipated threat
- Determine the potential impact of a breach of PHI
- Assign risk levels for vulnerability and impact combinations
- Document the assessment and take action where necessary
HIPAA risk assessments are not a one-time event; they require periodic reviews when introducing new technology or implementing new work practices.
Additional resources you might like:

Coffee and Compliance: Building Trust to Drive Business Growth
Join our live webinar on May 23 at 12 PM where VP of Product Chase Lee, and Staff Product Manager Sanjay Padval as they demonstrate a brief overview and provide guidance on advancing your security program beyond building or improving. Learn how to enhance customer satisfaction and gain a competitive advantage, accelerating your business growth.

Café et compliance : les clés pour booster sa croissance en tant que startup
Pour vendre à des entreprises, les startups doivent garantir la protection des données de leurs clients en prouvant qu’elles ont mis en place les bonnes pratiques de sécurité. Pour cela, elles peuvent obtenir une certification comme la norme ISO 27001. Ce webinar explique les différents contrôles de sécurité à effectuer, les avantages de la certification et comment automatiser jusqu'à 90% du processus avec Vanta. Sébastien, CTO et co-fondateur de Leeway reviendra sur son expérience avec Vanta, et les participants pourront échanger avec notre responsable commerciale en France et notre expert en certification.

Introducing Vanta Workspaces
We’re thrilled to announce Vanta Workspaces, a new capability in our platform that enables complex organizations with multiple business units to easily customize, manage, and automate compliance at both the business unit and parent organization level in a single Vanta account.