News Releases

New HIPAA Compliance Resource: HHS Offers Security Risk Assessment Tool


On March 28, 2014, the U.S. Department of Health and Human Services (“HHS”) released a security risk assessment tool that may help health care providers (and other “covered entities” and “business associates”) to conduct a risk analysis of their organizations as required by the Health Insurance Portability and Accountability Act (“HIPAA”). 

One of the key requirements of the HIPAA security rule is that covered entities and business associates perform an assessment (and periodic reassessments) of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic protected health information they hold.  The new security risk assessment tool was designed by HHS specifically to help small to medium sized health care providers to conduct such an assessment, but it may also be a useful resource for other covered entities and for business associates.  Additionally, the tool allows covered entities and business associates to produce a report, allowing the user to document their risk analysis in a format that can be provided to auditors and other third parties as necessary. 

The security risk assessment tool, and related guidance and instructional videos, can be accessed and downloaded from the HHS website at

If you have any questions about this or any other aspects of HIPAA compliance or other health care legal issues, please contact John Soshnik by e-mail at or by telephone at 612-371-6207.

Duff, Christine
Communications and Brand Manager

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.


AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.