HIPAA Risk Score Tool

Quick self-assessment of your HIPAA compliance posture. This tool evaluates administrative, technical, and physical safeguards based on the HIPAA Security Rule. This is not a substitute for a formal risk assessment.

Administrative Safeguards

Formal risk assessment completed in past 12 months?

Written HIPAA policies and procedures in place?

Annual HIPAA training for all staff?

Business Associate Agreements (BAAs) with all vendors?

Technical Safeguards

Data encrypted at rest and in transit?

Unique user IDs and role-based access controls?

Multi-factor authentication (MFA) enabled?

Audit logs enabled and reviewed regularly?

Regular backups with tested restore process?

Physical Safeguards

Servers/network equipment in locked, access-controlled area?

Auto-lock screens and physical security for workstations?

Secure disposal process for PHI (shred, wipe devices)?

Results

Answer all questions to receive your HIPAA risk assessment.

About HIPAA compliance

The HIPAA Security Rule requires covered entities to maintain reasonable administrative, technical, and physical safeguards to protect electronic protected health information (ePHI).

This is not a comprehensive audit – consult with a qualified HIPAA professional
Violations can result in fines from $100 to $50,000+ per violation
OCR (Office for Civil Rights) conducts audits and investigates breaches
Document everything: policies, training, risk assessments, BAAs
Regular training and testing are key to maintaining compliance