HIPAA Administrative Safeguards require a Risk Assessment to be performed at least once a year.
A Risk Assessment is the building block from which HIPAA Compliance begins. Here are the key components in this process.
Inventory all technology assets in your organization: Hardware - Software - Devices.
Consider whether or not the asset processes ePHI.
Identify Threats, Vulnerabilities and their impact on your ePHI.
Improve the policies, procedures and safeguards that process and protect your ePHI and control access to it.