Conduct a comprehensive security assessment - A comprehensive risk assessment is required under the HIPAA security rule and meaningful use. Risk assessments should include assessing the risk posed by patient portals and the possibility of unauthorized access during transmission. An integrated identity and access management tool is important here..