HIPAA Risk Assessment

What is your HIPAA compliance score? You will receive a copy of your results and score via email.

Required fields: Name of Practice, Phone, Contact Person (First, Last), Email.

Each of the following questions is answered Yes, No, or Don't Know.

1. Do you have a set of customized HIPAA Privacy AND Security policies along with documentation of annual review?

2. Have you appointed a Security Officer as well as a Privacy Officer, and do you have job descriptions for both? (Note: this can be the same person.)

3. Has your Privacy/Security Officer(s) received additional training and/or certification beyond annual training to carry out their role?

4. Do you have 6 years of documentation of staff annual HIPAA training? (Exception: if your practice has not been open 6 years.)

5. Do you have documented training records for new hires before granting computer access to information?

6. Has your team been trained on what the "minimum necessary" Protected Health Information (PHI) means when carrying out their job functions?

7. Can you easily access all of your Business Associate Agreements, and are they signed and dated? (Note: this includes apps and vendors that access or view PHI, such as a chatbot or a company that records/analyzes incoming phone calls.)

8. Does your IT vendor provide managed services for your practice? In other words, are they actively monitoring your network for cyber-attacks as required by the Security Rule?

9. Was your Notice of Privacy Practices (NPP) customized for your practice, and is it prominently displayed in your office? (Note: a generic NPP from a software provider or the Internet is not sufficient.)

10. Is your Notice of Privacy Practices prominently displayed and easily accessible to anyone visiting your website? (For example: your NPP is not buried in the footer, is not hidden within your online forms, and is not part of the FTC Privacy Policy for cookies.)

11. Do you conduct the required Security & Risk Assessments to identify potential risks and vulnerabilities to PHI and your computer network on an annual basis, or more frequently if there are changes? (Note: this is not something your IT company provides.)

12. Do you have the required written risk management, incident response and contingency plans? Do you have documentation that those plans have been updated annually or more frequently as needed?

13. Do you have written media destruction or sanitization documentation when destroying PHI, such as old hard drives, flash drives, memory on copy machines or paper records, etc., to validate it was destroyed properly?

14. Do you email PHI to other dentists or physicians (specialists or referring doctors)?

15. Are those emails encrypted, or do you use a HIPAA compliant portal? (Note: if you rely upon Outlook or Gmail, you must have the proper security settings in place to be compliant.)

16. Would you like to take advantage of our complimentary 15-min consult?