Guidance on Risk Analysis Requirements under the HIPAA Security Rule

The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the
provisions in the HIPAA Security Rule. (45 C.F.R. §§ 164.302 – 318.) This series of
guidances will assist organizations in identifying and implementing the most effective
and appropriate administrative, physical, and technical safeguards to secure electronic
protected health information (e-PHI). The guidance materials will be developed with
input from stakeholders and the public, and will be updated as appropriate.


The material in these guides and tools was developed from the experiences of Regional Extension Center staff in the performance of technical support and EHR implementation assistance to primary care providers. The information contained in this guide is not intended to serve as legal advice nor should it substitute for legal counsel. The guide is not exhaustive, and readers are encouraged to seek additional detailed technical guidance to supplement the information contained herein.

Reference in this web site to any specific resources, tools, products, process, service, manufacturer, or company does not constitute its endorsement or recommendation by the U.S. Government or the U.S. Department of Health and Human Services.
