HIPAA Risk Analysis Worksheet

A step-by-step risk analysis worksheet built on the NIST SP 800-66 Rev 2 methodology. Covers threat identification, vulnerability assessment, likelihood and impact scoring, and residual risk documentation. A risk analysis is required by 45 CFR §164.308(a)(1)(ii)(A).

What is inside

  • Structured threat inventory covering ePHI access points: EHR, scheduling software, email, mobile devices, and physical records
  • Likelihood × impact scoring matrix with built-in risk level categories (low / moderate / high)
  • Pre-populated with the most common threats found in OCR investigations of small practices
  • Residual risk documentation section — records what controls are in place after mitigation
  • Annotated with the specific regulatory citations so you understand what each section satisfies

We publish the same practical templates and decision tools that clinics use to structure recurring HIPAA work. No enterprise gate. No resource-library gimmicks. Just useful material exchanged for an email address.