The first required safeguard of the HIPAA Security Rule is to “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information” your organization holds.