The Assessment: HIPAA Risk Analysis Tool

Know The Unknown

You wouldn’t leave your locked confidential file cabinet in the middle of NY Times Square…

Or give your sacred keys to a landlord you have never met. Or store it in a room with dozens of keys lying about. Or place it under a leaky pipe next to a fireplace. Or cover the cabinet with Post-Its with private information. Technology risk can be hard to picture visually; it is remote, intangible, abstract, and part of complex networks. PCT’s Risk tool will help you understand, identify and plan for risk.
Once you can see the risk, prevention is easy.

Roy says: “You know security!”

Although it is locked, we know you would never take your file cabinet and leave it in the middle of a busy, public place. It is simply not safe. You know how to protect your clients when you can hold the paper in your hand. Person Centered Tech will help you understand what the technology equivalent of that is, and most importantly how to protect your clients electronically! The risk tool is designed to walk you through scenarios to help you know the unknown, develop solutions to minimize the risk, and rank the risk so you know where you are most vulnerable.

A great place to start is with our webinar that explains why this step is so very crucial (and legally mandated by HIPAA). PCT will guide you through the process with our dedicated user manual providing instruction and our Office Hours consulting to answer all your questions. The tool is designed to customize and scale to your unique practice since no one’s risk is identical. Risk is not one-size-fits-all; your solution shouldn’t be either.

We know how much you value your clients’ safety. We will help you know and feel that your electronic file cabinet is safe and secure enough to hold a bar of gold.

Oh yeah… a great side effect to this process is your practice management becoming more effective and efficient!

I rely so heavily on your analysis of things that affect my practice.


I just learned about your work and am excited to start reading your articles and get myself clear about what I need to do to be HIPAA secure. Thanks for your good work!


I’m grateful to have found you. Onward with HIPAA education!


Know the Unknown

Q & A about The Risk Tool

1. What is the purpose of this tool?

This tool is designed to do two things: 1) be a simple way to meet one of the most challenging HIPAA security requirements, which needs to be done yearly (among other tasks) to become compliant; 2) help you make impactful, practical change that helps you understand your business more comprehensively and identify your unique needs. Risk is not one-size-fits-all; your solution shouldn’t be either.

2. What is the format of this Tool?

Currently, the tool is a multi-sheet Excel document. There is an instruction manual that will teach you how to use the tool in a simple step-by-step process. The manual will also link to reference material and video clips that you will find handy!

3. So why are there updates?

This tool is a living document and it is currently in its initial Beta release. It will continue to grow and update as we obtain member feedback, as new scenarios arise, and as we stay current with technology evolution. What we recommend is that you stick with the version you start with during the process. Then, upon the new year, look for the newest tool!

4. How often do I have to do this?

HIPAA compliance states that this needs to be performed yearly to maintain this facet of compliance. If you find that your practice makes major changes midyear, then utilizing the tool (in full or in part) can be very helpful in your decision-making process.

5. How does this make me compliant?

For the technology security portion of HIPAA, compliance looks like this: 1) a yearly completed HIPAA Risk Analysis and risk management plan; 2) Policies and Procedures that document your risk mitigation practices; 3) a log of the security activities you perform. As we know as clinical professionals, if it wasn’t documented… it wasn’t done. This tool provides documentation that you have looked into your operations and risk, made a plan, and are following the plan. We picture compliance as a folder on your desktop (or binder in your file cabinet) that has a completed Risk Analysis, your customized manual of Policies & Procedures, and updated security logs that show when you performed certain tasks such as data backups.