A free, downloadable HIPAA risk assessment tool is available. Even better, it's from the people who enforce HIPAA.
Since March 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have offered a free HIPAA security risk assessment tool that is specifically designed for small to medium-sized providers. The tool, which is available at healthit.gov, is compatible with Windows 7 or an iPad. Conveniently, the application also produces a report that can be submitted to auditors.
In announcing the release of the risk assessment tool, HHS reminded healthcare entities of the need to be proactive in HIPAA compliance:
"HIPAA requires organizations that handle protected health information to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data. Conducting a security risk assessment is a key requirement of the HIPAA Security Rule and a core requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program, commonly known as the Meaningful Use Program."
Healthcare entities would be well-advised to investigate this tool. Although there is a disclaimer that using the tool does not guarantee compliance with federal, state or local laws, implementing a compliance tool created by the regulatory enforcement agency certainly will go a long way toward showing good-faith efforts to comply with HIPAA.