HIPAA Compliance Assessment — Medical Practice
No pressure. No obligation. Just clarity.

Administrative Safeguards
Do you have a designated Security Officer? 45 CFR §164.308(a)(2) — Required
Have you conducted a formal risk analysis in the last 12 months? 45 CFR §164.308(a)(1)(ii)(A) — Required
Do you have written security policies? 45 CFR §164.308(a)(1)(i) — Required
Is workforce training conducted at hire and annually? 45 CFR §164.308(a)(5) — Addressable*
Do you have an incident response plan? 45 CFR §164.308(a)(6) — Required

Physical Safeguards
Are facilities with PHI access restricted? 45 CFR §164.310(a)(1) — Required
Are workstations secured against unauthorized viewing? 45 CFR §164.310(b) — Required
Do you have secure device disposal procedures? 45 CFR §164.310(d)(1) — Required

Technical Safeguards
Does each user have a unique login ID? 45 CFR §164.312(a)(2)(i) — Required
Is Multi-Factor Authentication (MFA) enabled? 45 CFR §164.312(d) — Addressable*
Is data encrypted at rest? 45 CFR §164.312(a)(2)(iv) — Addressable
Is data encrypted in transit? 45 CFR §164.312(e)(1) — Addressable
Are audit logs enabled and reviewed? 45 CFR §164.312(b) — Required

BAA Safeguards
Do you have signed BAAs with ALL vendors handling PHI? 45 CFR §164.308(b)(1) — Required
Do your BAAs include breach notification requirements? 45 CFR §164.314(a)(2)(i) — Required

Breach Safeguards
Can you notify affected individuals within 60 days? 45 CFR §164.404(b) — Required
Can you report to HHS within 60 days? 45 CFR §164.406 — Required

Free assessment shows PASS or FAIL only. Unlock for complete analysis.

No Pressure. No Obligation. No Upsell. We're here when you need us.

Focus on your patients; we'll handle the compliance.