
Health Insurance Portability and Accountability Act (HIPAA)

This HIPAA Risk Assessment and Security Rule Assessment Playbook is based on NIST Special Publication 800-66 Revision 1 (U.S. Department of Commerce), the NIST guide to implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

A covered entity is required to comply with all “standards” of the Security Rule and all “required” implementation specifications with respect to all electronic protected health information (EPHI). For “addressable” implementation specifications, covered entities must perform an assessment to determine whether the implementation specification is a reasonable and appropriate safeguard in the covered entity’s environment. Covered entities are required to document these assessments and all resulting decisions. The HIPAA Playbook facilitates this process.

The HIPAA Risk Assessment and Security Rule Assessment Playbook addresses the following:

  • HIPAA Security Rule – Risk Assessment
  • HIPAA Security Rule – Administrative Safeguards
  • HIPAA Security Rule – Physical Safeguards
  • HIPAA Security Rule – Technical Safeguards
  • HIPAA Security Rule – Organizational Requirements
  • HIPAA Security Rule – Policies and Procedures and Documentation Requirements
  • Documenting the Risk Assessment Results

What can you expect from our comprehensive Playbooks library?

Out-of-the-Box Functionality

Our extensive library of fully loaded, ready-to-use “smart” Playbooks allows you to get started straight away. No training and no new technology: if you can use Excel, you’re ready to use GRC Playbook.

Reporting Clarity

Generate meaningful and actionable Dashboards, Status and Management Reports, and slice and dice your data any way you want through our tight integration with Microsoft Power BI.

Scalable Ease-of-Use

Our expanding library of Playbooks gives you three scalable work modes to suit your and your clients’ needs: the simple ControlSCAN, the more detailed DiagnosticREVIEW, and the full RCM Assessment.


3 Modes of Use

Playbooks build on and retain the information entered in each of the three work modes, giving you the flexibility to work interchangeably in whichever mode suits your needs at a particular time.

ControlSCAN

Gap analyses against authoritative best practices and applicable international frameworks.

Designed to give the user a rapid assessment of the organization’s control and compliance “gaps” in advance of a more in-depth assessment.

DiagnosticREVIEW

Mid-level analysis: a more in-depth review of your chosen subject area.

RCM Assessment

A full-scale Risk and Control Matrix Assessment that gives you the most comprehensive view of your subject area.

Based on Authoritative Sources

  • US Securities and Exchange Commission
  • FRC
  • FFIEC
  • European Commission
  • COSO
