HIPAA Compliance Checklist & Security Risk Assessment
Score your practice against the HIPAA Security Rule, Privacy Rule, HITECH, and state breach notification laws.
Score your practice or covered entity against the HIPAA Security Rule administrative, physical, and technical safeguards.
No registration required to take the assessment. Save, email, or download a PDF report by registering.
Executive assessment covers
7 sections · 30 questions · ~10–15 min
Administrative Safeguards (§164.308)
Risk analysis, workforce policies, and assigned security responsibility.
6 questions
Physical Safeguards (§164.310)
Facility, workstation, device, and media controls.
4 questions
Technical Safeguards (§164.312)
Access control, audit controls, integrity, and transmission security.
7 questions
Business Associates
BAAs and ongoing oversight of vendors that touch PHI.
3 questions
Privacy Rule & Patient Rights
Notice of Privacy Practices, minimum necessary, patient access.
3 questions
Breach Notification (HITECH)
Risk assessment, individual, HHS, and media notification.
4 questions
Workforce Training
Initial and periodic HIPAA training for all workforce.
3 questions
