Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is a HIPAA risk assessment?

The objective of a HIPAA risk assessment is to identify potential risks and vulnerabilities to the confidentiality, availability, and integrity of all protected health information (PHI) that an organization creates, receives, maintains, or transmits. 


The U.S. Department of Health & Human Services (HHS) does not specify a particular risk analysis methodology because covered entities and business associates vary in size, complexity, and capabilities. To meet the objective of a HIPAA risk assessment, HHS suggests an organization should: 


  • Identify where PHI is stored, received, maintained, or transmitted
  • Identify and document potential threats and vulnerabilities
  • Assess current security measures used to safeguard PHI
  • Assess the proper usage of existing security measures
  • Determine the likelihood of a reasonably anticipated threat
  • Determine the potential impact of a breach of PHI
  • Assign risk levels for vulnerability and impact combinations
  • Document the assessment and take action where necessary


HIPAA risk assessments are not a one-time event; they require periodic reviews when introducing new technology or implementing new work practices.

Additional resources you might like:

SOC 2
Event
Compliance for startups with Fern (YC W23)

Join Danny Sheridan, Co-founder and CEO at Fern (YC W23), and Brian Kuan, Product Marketing Manager at Vanta (YC W18), for a deep dive into why startups should prioritize compliance early in their journey, and how Vanta can help you become SOC 2-ready in as little as four weeks—giving time back for you to focus on building a company.

Compliance
Event
Simplify Compliance and Enhance Your Customer’s Trust

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo where you’ll learn how Vanta goes beyond compliance to enhance your overall security and trust management.

Compliance
Event
Simplifying SOC 2 and ISO 27001 compliance for growing businesses

Join us for a 45-minute webinar where we’ll demonstrate how Vanta automates up to 90% of the work for security and privacy frameworks, and helps you move towards a state of continuous compliance.

Additional resources you might like:

SOC 2
Event
Compliance for startups with Fern (YC W23)

Join Danny Sheridan, Co-founder and CEO at Fern (YC W23), and Brian Kuan, Product Marketing Manager at Vanta (YC W18), for a deep dive into why startups should prioritize compliance early in their journey, and how Vanta can help you become SOC 2-ready in as little as four weeks—giving time back for you to focus on building a company.

Compliance
Event
Simplify Compliance and Enhance Your Customer’s Trust

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo where you’ll learn how Vanta goes beyond compliance to enhance your overall security and trust management.

Compliance
Event
Simplifying SOC 2 and ISO 27001 compliance for growing businesses

Join us for a 45-minute webinar where we’ll demonstrate how Vanta automates up to 90% of the work for security and privacy frameworks, and helps you move towards a state of continuous compliance.

Compliance
Event
Fostering a culture of security in an AI world

Join our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Compliance
Event
Streamlining SOC 2 Compliance with Vanta and AWS

Watch our Coffee and Compliance session, where our experts, Ethan Heller, GRC, Subject Matter Expert at Vanta, and Brad Dispensa,WWPS Specialist SA at Amazon Web Services (AWS) cover some of the challenges of SOC 2 compliance and show how Vanta and AWS work together to simplify and accelerate SOC 2 compliance.

Compliance
Event
How to streamline SOC 2 and ISO 27001 compliance with automation

Watch Vanta’s 45-minute live product demo. Our Vanta team will walk you through the platform and answer questions throughout the session.

ISO 42001
Event
How to demonstrate secure AI practices with ISO 42001

Join Vanta and A-LIGN for a Coffee and Compliance session on ISO 42001 —what it is, what types of organizations need it, and how it works.

Company news
Event
What’s new in Vanta: Unveiling the Future of GRC Roadmap

We had the pleasure of hosting Jeremy Epling, Vanta’s CPO from our Vanta Sydney office, where he shares and demonstrates some exciting new product updates designed to help security teams future-proof and scale their GRC programs more easily.

Compliance
Event
How to streamline ISO 27001 and SOC 2 compliance with automation

Watch Vanta’s 45-minute live product demo. Register today to begin your automated compliance journey!