HIPAA Risk Assessment

What is your HIPAA compliance score?

You will receive a copy of your results and score via email.

"*" indicates required fields

Contact Person
1. Do you have a set of customized HIPAA Privacy AND Security policies along with documentation of annual review?*
2. Have you appointed a Security Officer as well as a Privacy Officer and have job descriptions for both? (Note: this can be the same person)*
3. Has your Privacy/Security Officer(s) received additional training and/or certification beyond annual training to carry out their role?*
4. Do you have 6 years of documentation of staff annual HIPAA training? (Exception: if your practice has not been open 6 years.)*
5. Do you have documented training records for new hires before granting computer access to information?*
6. Has your team been trained on what the “minimum necessary” Protected Health Information (PHI) means when carrying out their job functions?*
7. Can you easily access all of your Business Associate Agreements and are they signed and dated? (Note: this includes apps and vendors that access or view PHI such as a chatbot or a company that records/analyzes incoming phone calls.)*
8. Does your IT vendor provide managed services for your practice? In other words, are they actively monitoring your network for cyber-attacks as required by the Security Rule?*
9. Was your Notice of Privacy Practices (NPP) customized for your practice and is it prominently displayed in your office? (Note: a generic NPP from a software provider or the Internet is not sufficient.)*
10. Is your Notice of Privacy Practices prominently displayed and easily accessible to anyone visiting your website? (EX: your NPP is not buried in the footer, hidden within your online forms, or folded into the FTC Privacy Policy for cookies.)*
11. Do you conduct the required Security & Risk Assessments to identify potential risks and vulnerabilities to PHI and your computer network on an annual basis, or more frequently if there are changes? (Note: this is not something your IT company provides.)*
12. Do you have the required written risk management, incident response and contingency plans? Do you have documentation that those plans have been updated annually or more frequently as needed?*
13. Do you have written media destruction or sanitization documentation when destroying PHI (such as old hard drives, flash drives, memory in copy machines, or paper records) to validate it was destroyed properly?*
14. Do you email PHI to other dentists or physicians (specialists or referring doctors)?*
15. Are those emails encrypted or do you use a HIPAA compliant portal? (Note: If you rely upon Outlook or Gmail, you must have the proper security settings in place to be compliant)*
16. Would you like to take advantage of our complimentary 15-min consult?*