Skip to main content
Certifications & Audits

Risk Analysis

A HIPAA-required assessment of threats and vulnerabilities to ePHI.

A Risk Analysis is a HIPAA Security Rule requirement: an accurate, thorough assessment of the potential threats and vulnerabilities to the confidentiality, integrity, and availability of ePHI.

It is the foundational first step of a compliance program: you cannot protect ePHI appropriately without first understanding where the risks are. The analysis feeds risk management, the ongoing process of implementing safeguards to reduce identified risks to a reasonable level. A missing or inadequate risk analysis is one of the most commonly cited findings in OCR enforcement.