HIPAA Risk Assessment

What is your HIPAA compliance score?

You will receive a copy of your results and score via email.

"*" indicates required fields

1. Do you have current HIPAA Privacy AND Security policies along with documentation of annual review?*
2. Have you appointed a Security Officer as well as a Privacy Officer and have job descriptions for both? (Note: this can be the same person)*
3. Has your Privacy/Security Officer(s) received additional training beyond annual training to carry out their role?*
4. Do you have 6 years of documentation of staff annual HIPAA training? (Exception: if your practice has not been open 6 years.)*
5. Do you have 6 years of records showing that new hires received training before being granted computer access to information? (Exception: if your practice has not been open 6 years.)*
6. Has your team been trained on what “minimum necessary” Protected Health Information (PHI) means when carrying out their job functions?*
7. In 2013, did you update all of your HIPAA Business Associate Agreements to include the HITECH Act provisions?*
8. Are your Business Associates and their subcontractors aware of their legal responsibility under the law?*
9. Is your Notice of Privacy Practices (NPP) prominently displayed in your office?*
10. Is your Notice of Privacy Practices prominently displayed and easily accessible to anyone visiting your website? (e.g. your NPP is not buried in the footer, not hidden within your online forms, and not part of the FTC Privacy Policy for cookies.)*
11. Do you conduct the required Security & Risk Assessments to identify potential risks and vulnerabilities to PHI and your computer network on an annual basis, or more frequently if there are changes?*
12. Do you have the required written risk management, incident response and contingency plans? Do you have documentation that those plans have been updated annually or more frequently as needed?*
13. Do you validate media destruction or sanitization when destroying PHI such as old hard drives, flash drives, memory on copy machines or paper records, etc.?*
14. Do you email PHI to patients or dentists/physicians (specialists or referring doctors)?*
15. Are those emails encrypted or do you have patient permission to send PHI in an unencrypted format?*
16. Would you like to take advantage of our complimentary 15-minute consult?*