I admit that I have become so steeped in HIPAA subject matter, in general, and the process of completing a HIPAA Security Risk Analysis, in particular, that I forgot that many organizations are just starting out.  This post is aimed at getting back to basics.  Here’s today’s big tip – Get a quick baseline education… here’s how…


I’m a big believer in creating context for any team, and, in this case, your Risk Analysis team. There are many reasons why healthcare organizations, and most of their vendors/suppliers who also handle Protected Health Information (PHI), must complete a HIPAA Security risk analysis (per 45 CFR 164.308(a)(1)(ii)(A)). They range from complying with the HIPAA Security Final Rule, to earning incentive money for their recently implemented Electronic Health Record system, to good business hygiene/risk management.

When it comes to getting a quick baseline education, I recommend the following four (4) “homework assignments” …

  1. View this 6/9/2011 (~60 minute) webinar: How to Conduct a Meaningful Use Risk Analysis
  2. Read this 9-page Document: HHS / OCR Final Guidance on Risk Analysis
  3. Read the first 10 pages of this White Paper:  HIPAA Security Risk Analysis Background and Requirements – A White Paper for Healthcare Professionals
  4. Read this blog post entitled “HIPAA Security Evaluation vs. HIPAA Risk Analysis: Explained”; we already have the first tool developed (http://clearwatercompliance.com/shop/hipaa-security-assessment-software/); we’re working on the second.

This will require some investment of your time, but I think it will pay huge dividends…  Please feel free to send us any questions you may have!




Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.