Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is a HIPAA risk assessment?

The objective of a HIPAA risk assessment is to identify potential risks and vulnerabilities to the confidentiality, availability, and integrity of all protected health information (PHI) that an organization creates, receives, maintains, or transmits. 


The U.S. Department of Health & Human Services (HHS) does not specify a particular risk analysis methodology because covered entities and business associates vary in size, complexity, and capabilities. To meet the objective of a HIPAA risk assessment, HHS suggests an organization should: 


  • Identify where PHI is stored, received, maintained, or transmitted
  • Identify and document potential threats and vulnerabilities
  • Assess current security measures used to safeguard PHI
  • Assess the proper usage of existing security measures
  • Determine the likelihood of a reasonably anticipated threat
  • Determine the potential impact of a breach of PHI
  • Assign risk levels for vulnerability and impact combinations
  • Document the assessment and take action where necessary


HIPAA risk assessments are not a one-time event; they require periodic reviews when introducing new technology or implementing new work practices.

Additional resources you might like:

Product updates
Blog
Introducing new products to secure and accelerate an AI-powered future

Today we’re excited to announce new and upcoming product capabilities that empower you to accelerate innovation and strengthen security in an increasingly AI-driven world.

Compliance
Event
Leverage Security and Compliance to Win Over Prospects

Curious about how security and compliance can help you build trust and win over prospects? On December 13th at 8:30am PST / 4:30pm GMT, join our AMAA

Product updates
Blog
New in Vanta | October 2023

This past month, we announced the single destination to showcase your security posture, Vanta Trust Center, 19 new integrations, Private links for Vendor Risk Management, and more.

Get compliant and
build trust, fast.