Audit Your Compliance In Under 10 Minutes
Select your regulatory framework, check each control, and instantly see your compliance score, gaps, and priority remediation items.
Written HIPAA Security Policies & Procedures: Documented policies covering all required HIPAA Security Rule standards
Workforce Security Training Program: Annual HIPAA training for all staff who access PHI
Risk Analysis & Risk Management: Annual documented risk assessment of PHI vulnerabilities
Incident Response & Breach Notification Plan: Process to detect, respond to, and report breaches within 60 days
Business Associate Agreements (BAAs): Signed BAAs with all vendors who create, receive, or transmit PHI
Workstation Access Controls & Automatic Logoff: Screen locks and position restrictions for PHI-accessing workstations
Device & Media Disposal Procedures: Documented secure destruction of hard drives, devices, and media
Unique User IDs & Access Controls: Individual logins (no shared accounts) with role-based access to PHI
Encryption of PHI at Rest & In Transit: AES-256 encryption for stored data; TLS 1.2+ for transmissions
Audit Logging & Activity Monitoring: Audit logs of all PHI access, modification, and deletion
Multi-Factor Authentication (MFA): MFA enforced for all systems accessing PHI remotely or via cloud
Data Backup & Disaster Recovery Testing: Regular automated backups with documented, tested recovery procedures