Title Page

  • Institution

  • Conducted on

  • Prepared by

  • Location


  • Describe the scope of this HIPAA Risk Assessment

  • List all participants including role (e.g. physician, resident, nurse, med tech, network manager, etc.)

  • Describe key technology components including commercial software

  • Describe how users access the system and their intended use of the system

Risk Assessment

  • Click (+) Vulnerability after you have identified a vulnerability or threat source

  • Vulnerability

Threat Source & Vulnerability

  • Observation

  • Threat source/ vulnerability

  • Enter threat/ vulnerability

  • Evidence (flow diagrams, screenshots etc.) (optional)

  • Existing controls

Risk rating

  • Consequence

  • Likelihood

  • Risk rating

Recommended Controls

  • Recommended controls or alternative options for reducing risk


  • Recommendations

  • Name and Signature

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.