A Security Risk Assessment is required by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule for all covered entities and their business associates. It helps to pinpoint where your practice's patient health information (PHI) may be at risk and your compliance status regarding HIPAA's administrative, physical, and technical standards. Based on the results of the assessment, any weaknesses can be resolved. If your practice is found to have a breach, the first requirement will be to supply your most current Security Risk Assessment. There are numerous methods and companies that can assist with the Risk Assessment process, the example below is a good place to start at no cost.
HHS Risk Assessment Tool, use version 3.1
Risk Assessment User Guide