Complete Your Annual Risk Assessment

You can complete your annual risk assessment in Bridge Compliance, as well as view your risk score and create a remediation plan.

HIPAA requires every health care practice to complete a risk assessment each year. It’s your first line of defense against data breaches, patient privacy violations, and costly fines.

Without it, your practice is exposed to compliance audits, legal risk, and financial penalties—even if no breach occurs.

The HIPAA Risk Assessment will take you through a comprehensive set of multiple-choice questions and “threats and vulnerabilities” assessments. You will answer each question based on your organization’s current policies and practices.

Note: Although an annual risk assessment is mandatory, you may complete additional assessments at any time to re-evaluate your risk.

Time to complete this requirement: 45-60 minutes

To follow a guided tour of this process, see HIPAA Compliance Requirement: Complete Your Annual Risk Assessment.

Instructions

  1. Select HIPAA > HIPAA Risk Assessment from the left menu.
  2. Click the Create New button in the upper right corner of the screen.
  3. Choose one of the following options:
    • I want to copy a previous HIPAA risk assessment
      Select this option if you’ve previously completed a HIPAA risk assessment. It will copy your previous answers into a new HIPAA risk assessment that you can modify.
    • I want to start a brand-new HIPAA risk assessment
      Select this option if this is your first HIPAA risk assessment. It creates an entirely new HIPAA risk assessment from scratch.
  4. Answer all questions based on your organization’s current policies and practices in the following sections:
    1. HIPAA Risk Assessment Basics
    2. Security Policies
    3. Security & Workforce
    4. Security & Data
    5. Security & the Practice
    6. Security & Business Associates
    7. Contingency Planning
    After you answer each question, you’ll receive relevant HIPAA guidance and resources to help you stay informed and compliant (i.e., the Education and Reference table).
    In the Threats and Vulnerabilities sections, you’ll see potential risks and be asked to reassess how likely they are to affect your practice and what impact they might have. The tooltips next to Likelihood and Impact provide helpful guidance for choosing the appropriate likelihood and impact levels.
    You can expand the assessment navigation at the top to view completed sections and quickly navigate between them.
  5. After completing those sections, review your results and risk score in the 8. Review Results section.
    Your risk score, calculated out of 100, is based on your responses from all the Threats and Vulnerabilities sections.
    You can see how many responses fall into each category by hovering over the pie chart or reviewing the list below it.
    Categories:
    • Low
    • Medium
    • High
    • Critical
    • Unanswered
  6. Click the Continue button when you’re ready.
  7. In section 9. Remediate, record fixes for any problems found during the Risk Assessment.
    Documenting the measures you take to address issues identified in the multiple-choice questions is essential.
    Note: This section highlights questions with answers you rated as High or Critical.
  8. Click the Save & Exit button when ready.

Once you’ve completed your risk assessment, reviewed your score, and created a remediation plan, you can access all this information anytime from your dashboard by selecting HIPAA > Risk Assessment.

Note: Bridge Compliance saves this information, making future assessments quicker and easier to complete.
