Printable HIPAA Risk Assessment
Organization Name: ___________________________
Date of Assessment: ___________________________
Assessor(s): ___________________________
Contact Information: ___________________________
This HIPAA Risk Assessment is designed to help healthcare organizations evaluate their compliance with HIPAA's security and privacy requirements. It encompasses a comprehensive examination of the organization's current policies, practices, and technical safeguards to ensure the protection of important patient information.
1. Administrative Safeguards
| Control Area | Current Status | Risk Level (Low, Medium, High) | Mitigation Actions | Responsible Person |
|---|---|---|---|---|
| HIPAA Policies & Procedures | | | | |
| Workforce Training & Awareness | | | | |
| Risk Management Plan | | | | |
| Incident Response & Breach Notification | | | | |
2. Physical Safeguards
| Control Area | Current Status | Risk Level (Low, Medium, High) | Mitigation Actions | Responsible Person |
|---|---|---|---|---|
| Facility Access Controls | | | | |
| Workstation Use & Security | | | | |
| Device & Media Controls | | | | |
| Backup & Data Storage Security | | | | |
3. Technical Safeguards
| Control Area | Current Status | Risk Level (Low, Medium, High) | Mitigation Actions | Responsible Person |
|---|---|---|---|---|
| Access Control & Authentication | | | | |
| Data Encryption | | | | |
| Audit Controls & Monitoring | | | | |
| Transmission Security | | | | |
4. Organizational Requirements
| Control Area | Current Status | Risk Level (Low, Medium, High) | Mitigation Actions | Responsible Person |
|---|---|---|---|---|
| Business Associate Agreements (BAAs) | | | | |
| Security Incident Documentation | | | | |
| HIPAA Compliance Oversight | | | | |
5. Risk Summary
| Identified Risks | Risk Level (Low, Medium, High) | Likelihood | Impact | Mitigation Actions |
|---|---|---|---|---|
| Example: Inadequate employee training | High | High | High | Implement training program |
| Example: Unencrypted data storage | Medium | Medium | High | Apply encryption to all data storage systems |
6. Overall Risk Level
Total Risk Assessment: (Low, Medium, High)
Date for Next Review: ___________________________
7. Signatures
| Assessor Name | Signature | Date |
|---|---|---|
| [Your Name] | | June 10, 2090 |