In March 2014, the Department of Health and Human Services released a Security Risk Assessment Tool to assist providers in small to medium sized offices conduct HIPAA risk assessments of their organizations. According to the Department of Health and Human Services, "Conducting a security risk assessment is a key requirement of the HIPAA Security Rule and a core requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program, commonly known as the Meaningful Use Program." By conducting these risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems and integrate actions into QAPI initiatives.
Here's the link again for reference: http://www.healthit.gov/providers-professionals/security-risk-assessment
This is obviously just one of the many tools to assist with risk assessments. What other tools or resources do you use? How do you determine your QAPI initiatives? Where are you pulling data and analysis from to identify areas of improvement and opportunities to go above and beyond?