This is a HIPAA evaluation recommended by Dan Edwards CEO of Pact-One.
Risk Analysis Requirements under the Security Rule
The Security Management Process standard in the Security Rule (45 C.F.R. § 164.308(a)(1) requires organizations to “implement policies and procedures to prevent, detect, contain, and correct security violations.” Risk analysis is one of four required implementation specifications that provide instructions to implement the Security Management Process standard.
via Pact-One.
As a general rule I am leery of these services because I often see them trying to sell us things we do not need. However if Dan recommends it I am comfortable using it as well.