HIPAA Assessment
Do you know your cybersecurity readiness? Take our 10-minute assessment to learn your HIPAA compliance readiness.
- 0 to 100: You have a lot to do… let's get to work!
- 101 to 200: You are almost there.
- 201 to 235: You got this!
| # | Question/Requirements | Rating |
|---|---|---|
| Administrative Safeguards | | |
| 1.1 | 164.308 (a)(1) - Does your organization conduct an accurate and thorough analysis of potential risks and vulnerabilities for Protected Health Information (PHI)? | 0 |
| 1.2 | 164.308 (a)(1) - Has your organization implemented adequate security measures to reduce risks and vulnerabilities to a reasonable and appropriate level? | 0 |
| 1.3 | 164.308 (a)(1) - Do you have appropriate sanctions in place against employees who fail to comply with your security policies and procedures? | 0 |
| 1.4 | Are all records of information system activities reviewed periodically? | 0 |
| 2 | 164.308 (a)(2) - Do you have a security professional or team assigned responsibility for your policies and procedures? | 0 |
| 3 | 164.308 (a)(6) - Do you have a documented process in place that helps identify and mitigate any suspected or known security incidents? | 0 |
| 4.1 | 164.308 (a)(7) - As part of your backup plan, have you implemented procedures to create, maintain and retrieve copies of PHI? | 0 |
| 4.2 | 164.308 (a)(7) - As part of disaster recovery, do you have a documented and implemented procedure to restore lost data? | 0 |
| 4.3 | 164.308 (a)(7) - Do you periodically evaluate the response to environmental and operational changes affecting the security of electronic PHI? | 0 |
| 5 | 164.308 (b)(1) - Do you provide satisfactory assurance through a written contract or through any other arrangement? | 0 |
| 6.1 | 164.308 (a)(3) - Have you implemented procedures to ensure proper authorization and/or supervision of employees who work with electronic PHI? | 0 |
| 6.2 | 164.308 (a)(3) - Have you implemented procedures that help determine whether access clearance is appropriate for employees working with electronic PHI? | 0 |
| 6.3 | 164.308 (a)(3) - Do you have procedures implemented to ensure proper termination of access to PHI when employment ends? | 0 |
| 7.1 | 164.308 (a)(4) - Do you have documented policies and procedures for granting access to PHI? | 0 |
| 7.2 | 164.308 (a)(4) - Have you documented and implemented policies and procedures to review and modify a user's right of access? | 0 |
| 8.1 | 164.308 (a)(5) - Does your organization issue security updates periodically? | 0 |
| 8.2 | 164.308 (a)(5) - Have you implemented procedures for detecting and reporting malicious software? | 0 |
| 8.3 | 164.308 (a)(5) - Do you have procedures in place to monitor log-in attempts and report discrepancies? | 0 |
| 8.4 | 164.308 (a)(5) - Do you have a documented procedure for creating, changing and safeguarding passwords? | 0 |
| 9.1 | 164.308 (a)(7) - Have you implemented procedures for periodic testing and revision of the contingency plan? | 0 |
| 9.2 | 164.308 (a)(7) - Do you assess the relative criticality of specific applications and data in support of the contingency plan? | 0 |
| PHYSICAL SAFEGUARDS | | |
| 10 | 164.310 (b) - Do you have policies and procedures that specify the functions to be performed on classes of workstations that access electronic PHI? | 0 |
| 11 | 164.310 (c) - Have you implemented physical safeguards for all workstations that access electronic PHI? | 0 |
| 12.1 | 164.310 (d)(1) - Do you have policies and procedures that address the final and proper disposal of electronic PHI? | 0 |
| 12.2 | 164.310 (d)(1) - Do you have detailed procedures for the proper removal of electronic PHI from electronic media before the media are made available for reuse? | 0 |
| 13.1 | 164.310 (a)(1) - Do you have established contingency procedures in place that allow facility access in support of restoration of data in an emergency? | 0 |
| 13.2 | 164.310 (a)(1) - Do you have policies and procedures to safeguard your facility and equipment? | 0 |
| 13.3 | 164.310 (a)(1) - Are your access controls and validation process based on the employee's role or function? | 0 |
| 13.4 | 164.310 (a)(1) - Do you have policies and procedures to document repairs and modifications to the physical components of the facility? | 0 |
| 14.1 | 164.310 (d)(1) - Does your organization maintain records of the movements of hardware and electronic media? | 0 |
| 14.2 | 164.310 (d)(1) - Are you able to retrieve an exact copy of electronic PHI before the movement of systems? | 0 |
| TECHNICAL SAFEGUARDS | | |
| 15.1 | 164.312 (a)(1) - As part of unique user identification, does your organization ensure a unique name/number is assigned for identifying and tracking user identity? | 0 |
| 15.2 | 164.312 (a)(1) - Does your organization have detailed procedures for obtaining necessary electronic PHI during an emergency? | 0 |
| 16 | 164.312 (b) - As part of audit controls, has your organization implemented mechanisms that record and examine the activity in information systems that contain or use electronic PHI? | 0 |
| 17 | 164.312 (d) - Do you have procedures in place to verify that a person or entity seeking access to electronic PHI is the one claimed? | 0 |
| 18.1 | 164.312 (a)(1) - Has your organization implemented electronic procedures that terminate an electronic session after a predetermined period of inactivity? | 0 |
| 18.2 | 164.312 (a)(1) - Have you implemented a mechanism to encrypt and decrypt electronic PHI? | 0 |
| 19 | 164.312 (c)(1) - Do you have policies and procedures in place that protect electronic PHI from improper alteration or destruction? | 0 |
| 20.1 | 164.312 (e)(1) - Has your organization implemented security measures/internal controls to ensure that electronic PHI is not improperly modified without detection? | 0 |
| 20.2 | 164.312 (e)(1) - Has your organization implemented a mechanism to encrypt electronic PHI whenever deemed appropriate? | 0 |
| ORGANIZATION REQUIREMENTS | | |
| 21 | 164.312 (a)(1) - Do your Business Associate contracts or other agreements include the following? | 0 |
| 22 | 164.312 (b)(1) - Do your Group Health Plans like the Business Associate contracts/agreements? | 0 |
| 23 | 164.316 (a) - Does your organization have a Risk Management Program developed? | 0 |
| 24 | 164.316 (b)(1) - Does your organization have policies and procedures in place for an Information Security Management Program? | 0 |
| 25 | 164.316 (b)(2)(i) - Do you have a 6 year retention period? | 0 |
| 26 | 164.316 (b)(2)(ii) - Does your organization ensure availability of PHI-related policies to those needing them? | 0 |
| 27 | 164.316 (b)(2)(iii) - Do you periodically review and update the policies needed in response to changes affecting security? | 0 |