HIPAA Risk Assessment

What is a HIPAA Risk Assessment?

A Risk Assessment is essentially a questionnaire that evaluates how well your practice is adhering to HIPAA law. The goal of the risk assessment is to highlight and uncover any compliance vulnerabilities your practice may have.

*This should take you about 10 minutes to complete.

Why should I care?

It’s an annual requirement under the HIPAA Security Rule (Section 164.308(a)(1)(ii)(A)).
In the event of an audit from the Office of Civil Rights (they enforce HIPAA), you’ll need to document that you have one on file.

Your patients entrust you to keep their PHI safe. You should be doing everything you can to make sure you know where your compliance gaps lie so you can get them fixed as soon as possible.

What are my options?


  • Complete it with PCIHIPAA and our team of compliance experts.
      • No download required.
      • Have one-on-one assistance with one of our senior compliance advisors.
      • Complimentary consultation going over your customized Risk Report ($1,200 value).
      • Completion Time: 10-15 minutes.

  • Complete it directly through the Department of Health and Human Services (HHS) Security Risk Assessment Tool.
      • Download over 100 MB of software onto your computer.
      • Answer confusing and complex questions with no help.
      • Completion Time: 3-4 Hours.

What others are saying about PCIHIPAA

“PCIHIPAA was incredibly helpful in going through our annual Mandated HIPAA Risk Assessment with me, step-by-step and then offering solutions on how to improve any area that we were deficient.”
— Katia P, Compliance Officer