What is a HIPAA Risk Assessment?  Why do we need one?  What’s in it for me?

Failing to conduct a HIPAA (Health Insurance Portability and Accountability Act) Risk Assessment can be costly. The severity of fines for non-compliance with HIPAA depends on the number of patients affected by a breach of protected health information (PHI) and the level of negligence involved.

A HIPAA risk assessment is not a one-time exercise. Assessments should be reviewed periodically and as new work practices are implemented or new technology is introduced.

What is a HIPAA Risk Assessment?

A HIPAA risk assessment is exactly what it sounds like: an honest assessment of the areas in which your organization is at risk of breaching protected health information (PHI).

Why do we need one?

Under the Security Rule, covered entities (defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which the US Department of Health & Human Services has adopted standards) are required to evaluate risks and vulnerabilities in their environments and to implement security controls to address those risks and vulnerabilities. The HIPAA Risk Assessment is required by law for HIPAA compliance; it's not optional. A HIPAA risk assessment is not a one-time exercise. Assessments should be reviewed periodically and as new work practices are implemented or new technology is introduced. Completing a HIPAA risk assessment is one of the requirements for Covered Entities. If you are audited, you will be asked about your risk assessment.

What’s in it for me?

Do you have car insurance? Despite the improbability of getting into a car accident, every driver must insure his or her car in the event that an accident does occur. In the same way, Covered Entities must “insure” themselves with risk assessments in case they are audited, no matter how certain they are that they will never be audited. The fines for breaches are steep, and they are even worse if you cannot produce your HIPAA Risk Assessment, which shows that you have been actively working to remain HIPAA compliant.

The reasons for a HIPAA Risk Assessment go far beyond merely complying with the bare minimum of the law, however. A HIPAA risk assessment puts your organization in the perfect position to dig into the real reason for HIPAA compliance: eliminating security risks. Instead of being naively confident because you don’t see your risks or blindly overwhelmed because you don’t know where you are vulnerable, you can target each risk raised by a risk assessment one at a time.

After completing your risk assessment, you should create a year-long plan for the specific risks you plan to target. You don’t need to deal with them all at the same time; it is likely that you will not have the budget to do so. From a cost/benefit point of view, you can choose the risks that are most likely to result in security breaches and that are within your budget to address. Don’t forget to set funds aside for this purpose each year.

navitend helps covered entities with their information technology needs along with encouraging them to regularly complete a HIPAA Compliance Risk Assessment. 

If you have any questions or concerns about your organization's Risk Assessment, call 973.448.0070 or set up an appointment today.
