I came across a pretty good list of topics that Auditors ask for in a HIPAA audit.  This is usually the stuff looked at during a HIPAA risk assessment too.  If you haven’t incorporated all of these topics in your risk assessment then now is a good time to go through the list and update your tactics. 

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025253&pageNumber=1

Recently a couple of new sites were added to the Links page.  These are references for risk assessment documentation and methodologies.