HIPAA Security Risk Assessment Checklist

1. Identify scope of the assessment
2. Complete an inventory of all electronic systems
3. Identify where all PHI is stored, received, maintained, or transmitted
4. Review current security policies and processes
5. Identify and document potential threats and vulnerabilities
6. Approval: Potential Threats and Vulnerabilities
7. Assess current security measures
8. Determine the likelihood of threat occurrence
9. Determine the level of impact of threat occurrence
10. Determine risk level for each vulnerability
11. Approval: Risk Level Determination
12. Document all findings
13. Suggest remediation steps to mitigate risks identified
14. Prepare a Risk Management plan based on the assessment
15. Approval: Risk Management Plan
16. Implement the remediation steps
17. Update and revise security policies as necessary
18. Train staff on new security protocols
19. Monitor and review the effectiveness of remediation steps and risk management plans
20. Approval: Monitoring and Review Results