Risk Analysis is often regarded as the first step toward HIPAA compliance. Risk analysis is a required implementation specification under the Security Management Process standard of the Administrative Safeguards portion of the HIPAA Security Rule as per Section 164.308(a)(1).
www.hipaacertification.net/hipaa-security-risk-assessment/