This entry is part 36 of 60 in the series HIPAA Security Risk Analysis Tips

There are many wrong ways and one correct way to conduct a HIPAA Risk Analysis!  The foundational risk analysis required at 45 CFR §164.308(a)(1)(ii)(A) is an ongoing requirement.  Here’s today’s big TIP — Learn How To Conduct a Bona Fide HIPAA Risk Analysis.  

HIPAA Risk Analysis Tip – How To Conduct a Bona Fide HIPAA Risk Analysis

Here are the big points to remember:

  • There’s a Right Way and Many Wrong Ways
  • First Time – Lots of Work, if done properly
  • It’s Not Once and Done
  • Risk Analysis adverse findings are the Single Biggest Audit & Investigation Findings
  • Risk Analysis  is not the same as Risk Treatment
  • Risk Analysis is not the same as Security Assessment (Evaluation)

Watch Our Recorded, On Demand Webinar

Download HIPAA Risk Analysis Buyer’s Guide Checklist

We are often asked, “How do I go about selecting a reputable firm to complete a bona fide HIPAA Security Risk Analysis?”  This HIPAA Risk Analysis Buyer’s Guide Checklist is an easy-to-use tool to assist you in comparing alternative solutions and making your selection.

Other Help Getting Started With Your Bona Fide HIPAA Risk Analysis

Over the years, we’ve helped 100s of organizations complete their HIPAA Risk Analysis. Please benefit from our HIPAA Risk Analysis expertise by:


Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group:
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Series Navigation<< HIPAA Risk Analysis Tip – HIPAA Risk Analysis Buyer’s Guide ChecklistHIPAA Risk Analysis Tip – EHR Pre- and Post-Payment Audits >>

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.