The purpose of a risk assessment is to identify conditions where Electronic Protected Health Information (EPHI) could be disclosed without proper authorization, improperly modified, or made unavailable when needed. This information is then used to make risk management decisions on what reasonable and appropriate safeguards are needed to reduce risk to an acceptable level. This Risk Assessment Tool is intended to be a starting point for identifying cybersecurity risks to your organization. Please note that this tool is best printed using landscape orientation and on legal sized paper.