Chat with us, powered by LiveChat

HIPAA Security Rule Compliance Review

HIPAA Security Rule Compliance Quiz

Take our quick HIPAA Security Rule compliance quiz to see how your organization is doing with HIPAA security.

  • Question 1

    Has your organization performed a HIPAA security risk assessment within the past 2 years?

  • Choose "Yes" if your organization has performed a HIPAA risk assessment in the past 2 years. Choose "No" if your organization has not performed a HIPAA risk assessment in the past 2 years.

  • Question 2

    Do you have written policies and procedures that address the administrative, physical and technical safeguards of the HIPAA Security Rule?

  • Answer "Yes" if your organization has written policies and procedures to address the HIPAA Security Rule safeguards. Answer "No" if your organization does not have written policies and procedures.

  • Question 3

    Has each of your employees gone through HIPAA security training and taken a HIPAA security compliance test?

  • Answer "Yes" if each employee has received HIPAA security training and has completed a HIPAA security compliance test to demonstrate their knowledge of HIPAA security. Answer "No" if employees have not received HIPAA security training and compliance testing.

  • Question 4

    Have your Business Associates signed Business Associate agreements?

  • Answer "Yes" if all your Business Associates have signed Business Associate agreements. Answer "No" if all your Business Associates have not signed Business Associate agreements.

  • Question 5

    Does the organization track the movement of visitors and patients while they are in the organization's facility?

  • Answer "Yes" if the organization has a procedure implemented to track the movement of individuals inside the organization. i.e. security cameras or restricted access between rooms. Answer "No" if the organization does not track the movement of individuals inside the organization.

  • Question 6

    Does the organization have documented disaster recovery procedures in place?

  • Answer "Yes" if the organization has documented disaster recovery procedures in place and regularly test the procedures. Answer "No" if the organization does not have documented disaster recovery procedures in place or does not test the procedures regularly.

  • Question 7

    Does the organization restrict access to the room or location where servers are located?

  • Answer "Yes" if the organization restricts access to the room or location where servers are located. Answer "No" if the access to the room or location where servers are located is not restricted.

  • Question 8

    Does the organization encrypt email to protect electronic protected health information (ePHI) / patient data and important information sent through email?

  • Answer "Yes" if the organization implements a procedure to encrypt email to protect ePHI. Answer "No" if the organization does not implement or enforce a procedure that requires encryption for all email to protect ePHI and important data sent through email.

  • Question 9

    Is anti-malware (anti-virus and anti-spyware) installed and updated on each of the organization's workstations and servers?

  • Answer "Yes" if the organization has implemented anti-malware protection on all systems to prevent malicious intrusions. Answer "No" if the organization does not have anti-malware on all systems to protect from malicious intrusions.

  • Question 10

    Does the organization have system auditing (logging of all access to ePHI and patient data) setup to facilitate the detection of unauthorized access to ePHI / patient data?

  • Answer "Yes" if the organization does have system auditing setup and currently reviews the audit logs. Answer "No" if the organization does not have system auditing setup or does not review the audit logs.