Basic HIPAA Security Rule Assessment
Our organization has implemented policies and procedures to prevent, detect, contain, and correct security violations.
Yes
No
Maybe
Unsure
Our organization routinely completes a security risk assessment.
Yes
No
Maybe
Unsure
Our organization's risk assessment policy addresses the purpose, scope, roles and responsibilities, management commitment, coordination among organizational entities, training and compliance.
Yes
No
Maybe
Unsure
Our organization identifies the types of information and the uses of that information, and the sensitivity of each type of information has been evaluated.
Yes
No
Maybe
Unsure
Our organization has identified all information systems that house ePHI.
Yes
No
Maybe
Unsure
Our organization has current safeguards that ensure the confidentiality, integrity, and availability of all ePHI.
Yes
No
Maybe
Unsure
Our organization has a formal and documented contingency plan.
Yes
No
Maybe
Not sure
Our organization has made all of our workforce aware of our processes, policies, and procedures (concerning sanctions for inappropriate access, use, disclosure, and transmission of ePHI).
Yes
No
Maybe
Not sure
Our organization has a process, procedure, or communication plan for how and when your managers and staff, employees, and workforce will be notified of suspected inappropriate activity.
Yes
No
Maybe
Unsure
Our organization often analyzes our systems activities, reviews and reports.
Yes
No
Maybe
Unsure
Our organization has a complete security official job description that accurately reflects the security duties and responsibilities.
Yes
No
Maybe
Unsure
Our organization has defined our roles and responsibilities for all job functions.
Yes
No
Maybe
Unsure
Our organization has assigned appropriate levels of security oversight, training, and access to each role.
Yes
No
Maybe
Unsure
Our organization has formal and documented procedures for obtaining the necessary and appropriate sign-offs within your organizational structure to both grant and terminate access to ePHI.
Yes
No
Maybe
Unsure
Our organization has authentication mechanisms to verify the identity of the user accessing the system.
Yes
No
Maybe
Unsure
Our organization's staff, employees, and workforce members understand their roles and responsibilities in selecting a password of appropriate strength, changing the password periodically as required, and safeguarding their password.
Yes
No
Maybe
Unsure
Our organization's policy and plan outline what critical services must be provided within specific timeframes.
Yes
No
Maybe
Unsure
Our organization has an emergency call list and it has been distributed to all staff, employees, and workforce members.
Yes
No
Maybe
Unsure
Our organization has documented all of our data backup procedures and made them available to all your staff, employees, and workforce members.
Yes
No
Maybe
Unsure
Our organization has determined what hardware, software, and personnel are critical to our organization's daily business operations.
Yes
No
Maybe
Unsure
Our organization has business associate contracts.
Yes
No
Maybe
Unsure
Our organization has facility access control policies and procedures already in place.
Yes
No
Maybe
Unsure
Our organization has workstation use policies and procedures.
Yes
No
Maybe
Unsure
Our organization has identified all applications, systems, servers, and other electronic tools that hold and use ePHI.
Yes
No
Maybe
Unsure
Our organization has an electronic procedure that automatically terminates an electronic session after a predetermined period of inactivity.
Yes
No
Maybe
Unsure
Our organization has determined the period of inactivity prior to triggering an automatic log-off.
Yes
No
Maybe
Unsure
Our organization has tools in place for auditing data review, creation, deletion, and updating, as well as firewall system activity and other similar activities.
Yes
No
Maybe
Unsure
Our organization has a plan to notify your managers and other staff, employees, and workforce members regarding suspect activity.
Yes
No
Maybe
Unsure
Our organization uses encryption to protect ePHI during transmission.
Yes
No
Maybe
Unsure