HIPAA Security Rule Compliance Quiz
Take our quick HIPAA Security Rule compliance quiz to see how your organization is doing with HIPAA security.
Question 1
Has your organization performed a HIPAA security risk assessment within the past 2 years?
Answer 1
Yes
No
Not Sure
Choose "Yes" if your organization has performed a HIPAA risk assessment in the past 2 years. Choose "No" if your organization has not performed a HIPAA risk assessment in the past 2 years.
Question 2
Do you have written policies and procedures that address the administrative, physical and technical safeguards of the HIPAA Security Rule?
Answer 2
Yes
No
Not Sure
Answer "Yes" if your organization has written policies and procedures to address the HIPAA Security Rule safeguards. Answer "No" if your organization does not have written policies and procedures.
Question 3
Has each of your employees gone through HIPAA security training and taken a HIPAA security compliance test?
Answer 3
Yes
No
Not Sure
Answer "Yes" if each employee has received HIPAA security training and has completed a HIPAA security compliance test to demonstrate their knowledge of HIPAA security. Answer "No" if employees have not received HIPAA security training and compliance testing.
Question 4
Have your Business Associates signed Business Associate agreements?
Answer 4
Yes
No
Not Sure
Answer "Yes" if all your Business Associates have signed Business Associate agreements. Answer "No" if not all of your Business Associates have signed Business Associate agreements.
Question 5
Does the organization track the movement of visitors and patients while they are in the organization's facility?
Answer 5
Yes
No
Not Sure
Answer "Yes" if the organization has implemented a procedure to track the movement of individuals inside the organization, e.g. security cameras or restricted access between rooms. Answer "No" if the organization does not track the movement of individuals inside the organization.
Question 6
Does the organization have documented disaster recovery procedures in place?
Answer 6
Yes
No
Not Sure
Answer "Yes" if the organization has documented disaster recovery procedures in place and regularly tests the procedures. Answer "No" if the organization does not have documented disaster recovery procedures in place or does not test the procedures regularly.
Question 7
Does the organization restrict access to the room or location where servers are located?
Answer 7
Yes
No
Not Sure
Answer "Yes" if the organization restricts access to the room or location where servers are located. Answer "No" if access to the room or location where servers are located is not restricted.
Question 8
Does the organization encrypt email to protect electronic protected health information (ePHI) / patient data and important information sent through email?
Answer 8
Yes
No
Not Sure
Answer "Yes" if the organization implements a procedure to encrypt email to protect ePHI. Answer "No" if the organization does not implement or enforce a procedure that requires encryption for all email to protect ePHI and important data sent through email.
Question 9
Is anti-malware (anti-virus and anti-spyware) installed and updated on each of the organization's workstations and servers?
Answer 9
Yes
No
Not Sure
Answer "Yes" if the organization has implemented anti-malware protection on all systems to prevent malicious intrusions. Answer "No" if the organization does not have anti-malware on all systems to protect from malicious intrusions.
Question 10
Does the organization have system auditing (logging of all access to ePHI and patient data) set up to facilitate the detection of unauthorized access to ePHI / patient data?
Answer 10
Yes
No
Not Sure
Answer "Yes" if the organization has system auditing set up and currently reviews the audit logs. Answer "No" if the organization does not have system auditing set up or does not review the audit logs.