I actually put one together about two years ago at the last job. I might have it saved somewhere. If I do, it's yours.

Hi there, I could use some guidance on this as well.  By chance, is there some template that can be followed, any help is very much appreciated...

Thank you,

-J

The link will take you to a plethora of available HIPAA templates. Google is your friend:

hipaa +template filetype:xls

Weird, I tinyurl'd the following:

http://www.google.com/search?q=hipaa+template+filetype%3Axls&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

What I've found to be helpful to me was using EDUCAUSE's Information Security Governance Assessment Tool as a template alongside ISACA's "COBIT Mapping ISO/IEC 17799 :2000 With COBIT" http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=35228 into my own template worked wonders in mapping most standards and guidelines. (You need to be an ISACA member to download that file). I went through a few months in meshing those two into something I use (sorry its work related so I can't and won't post).

EDUCAUSE has some great material there in regards to HIPPA (http://net.educause.edu/ir/library/excel/EAF0507d.xls) which would obviously need to be customized. For anyone who've done any GRC work, one would know it is a broad (to me - boring) process. I found it best to make my own template since there is so much overlap.

Dengar13: That linked Risk Assessment Report is ok, rather on the basic side, I implore you to check out the EDUCAUSE link as it encompasses a more complete and thorough walkthrough across all fields of compliance (technical and nontechnical) however, as stated, you'd need to spend time conforming it to your own business.

Thanks for the information everyone.  This will definately help me out.