IT risk assessment, or risk analysis, is one of the main requirements for HIPAA compliance. According to paragraph 164.308, risk analysis is an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. Failure to establish proper control over risks in the IT environment can result in not only failed compliance audits, but devastating breaches that can lead to civil and criminal penalties and loss of customer loyalty.

Source: Click here