Online HIPAA Security Gap Assessment

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a risk assessment to ensure they are compliant with HIPAA’s administrative, physical, and technical safeguards.


Features of the Online HIPAA Security Gap Assessment

This online HIPAA Security Gap Assessment is based on the audit protocols used by the Office for Civil Rights when it conducts HIPAA audits.

You and your staff can complete the assessment over any device connected to the Internet. There are no wrong answers.

The Security Gap Analysis Report shows how well your organization complies with HIPAA.

The Report offers a mitigation plan that presents steps to help you develop your HIPAA security policies and procedures.


Compliance is Important

This HIPAA security gap assessment is based on the federal law that requires you to protect the confidentiality, integrity and availability of records containing protected health information (PHI). Failure to do so can result in a fine assessed against your organization.

Data Breach Guidelines and Lessons Learned

Healthcare Providers Use Encryption to Protect ePHI
HIPAA Breach Notification – What you need to know
HIPAA Business Associate Pays $2.3 Million to Settle Breach
As of July 2021, OCR has imposed penalties totaling $135,328,482

User Friendly

Each section in the gap analysis can be completed on any device, anywhere you are. Security questions guide you through the HIPAA security standards. Each question has its own drop-down menu containing comprehensive HELP with extensive notes written in plain English!

Do It Yourself (DIY)

For $295 your organization can save on the cost of an outside consultant by conducting your own HIPAA assessment. You simply answer the security questions and print out a HIPAA security gap analysis that identifies the documentation you need to meet the requirements of the HIPAA Security Rule.

HIPAA Success™

In addition to our expert customer service, through our unique partnership with Connecting Healthcare®, we can assist you with a wide range of HIPAA needs: implementation, annual audit review, privacy assessments, updated policies and procedures, and customized workforce training. Just Contact Us!

We'll Do It For You

Don't have the time or the staff to complete a HIPAA security gap assessment? Are you a business associate or other organization new to HIPAA? Is your practice using out-of-date HIPAA policies and procedures or workforce training? Contact Us Today to receive a free quote for your HIPAA project, large or small!

Take your security risk assessment with you.

The HIPAA Online Security Risk Assessment is designed with you in mind. You can fill out the survey anywhere, from your PC or mobile device.

Work is different today. Teams can be more collaborative and work together from many different locations. The Online Security Gap Assessment provides that mobile flexibility.


Benefits of the Online Security Risk Assessment

The HIPAA Security Rule requires Covered Entities and their Business Associates to evaluate the security risks and vulnerabilities in their computer systems and to implement policies and procedures to address those risks and vulnerabilities.

Completing this Online security gap assessment will help ensure that you have identified the required HIPAA security documentation that your organization needs.

Complete Coverage

Covers all sections of the HIPAA Security Rule and helps you identify every document the regulations require your practice to have. Let this website do the work for you.

Technical Inventory

Lets you add a complete inventory of the technologies you use in your organization so that you can better secure them. If you already have a technical inventory, you can upload it to a secure central storage included with this security risk assessment.

Print out Risk Assessment Report

When you complete all of the questions in the security gap assessment, you can immediately print out a Security Gap Analysis Report that offers steps for risk mitigation.

Frequently Asked Questions

The HIPAA security standards have been in place for almost two decades. A major requirement of the HIPAA Security Rule is for every covered entity to conduct a risk analysis to assess and identify vulnerabilities that exist in your organization and any risks inherent in securing the electronic Protected Health Information. Covered Entities and their Business Associates who have not completed a risk assessment can face fines from the Office for Civil Rights.
The technical inventory helps you identify all of the equipment in your practice that stores or transmits electronic Protected Health Information. The more details you can include in this technical survey, the better documented your inventory will be.
This Online risk assessment lets you assign staff members to different sections of the evaluation survey over any mobile device that can connect to the Internet. Completing this risk assessment can be a team effort.
The security risk assessment report summarizes the findings of the Online risk analysis. It identifies the policy and/or procedure documents that you need to have for complying with HIPAA. The final report can easily be printed out.

Pricing for every business, at any stage

All pricing packages are backed up by a 30-day money back guarantee.

Contact Us

For questions about this Online HIPAA Security Gap Assessment you can contact HIPAA Risk Analytics by phone or email:

Call Christopher Sullivan at 850-591-2821

Send email to Christopher Sullivan at

The Development Team of the Online Security Risk Assessment

The Online SRA partners collectively have over a hundred years of experience in HIPAA, Health IT, privacy and security, and web and database development. Here is the team:


Christopher Sullivan, PhD

Christopher Sullivan, PhD is the CEO of HIPAA Risk Analytics LLC. He spent five years developing this Online HIPAA Security Gap Assessment with the help of these partners. He is also the CEO of Image Research, a communication consulting firm that specializes in medical informatics, HIPAA privacy and security, Health Information Exchange, Telehealth, and health data analysis.

Christopher has three decades of experience in academics, health-related management in Florida government and health care facilities, software development, and multivariate data analysis. Christopher is an expert in CMS quality reporting programs and assists Florida ambulatory providers in completing annual CMS attestation and Security Risk Assessment reporting.

As an Adjunct Professor, Christopher taught or is teaching courses in Public Health Informatics at Nova Southeastern University, courses in Telecommunications and Networking in Health Care for the Biomedical Informatics at College of Osteopathic Medicine, and courses in Health Information Management, Electronic Health Records and Privacy, and Security at Florida International University (FIU). Christopher has co-authored white papers for HIMSS, AHIMA, and the Office of National Coordinator for Health IT (ONC).


Isaac Sullivan

Isaac Sullivan is responsible for overall IT management and application development and implementation, and serves as primary technical account manager for our clients. Isaac has worked as a software professional, web developer, database manager and lead research technologist for over two decades.

In past roles Isaac served as technical lead responsible for architecting and developing the FCAT Explorer, the official Florida statewide Internet training and testing system for elementary school students in Florida. Isaac also served as a consultant responsible for designing and developing Internet and Intranet applications for state agencies in Florida.


Walt Culbertson

Walt Culbertson is the founder and President of Connecting Healthcare®, dedicated to HIPAA-compliant secure healthcare administrative and clinical transactions success since 2004. Walt served as the Chief Technology, Security and Privacy Officer of Webify Solutions, and was the founding Chief Technology, Security and Privacy Officer for Availity, one of the nation's largest national health care clearinghouses. Walt also served as the Vice President of HIPAA Solutions for The TriZetto Group and as a senior healthcare consultant for PricewaterhouseCoopers LLP, performing in the role of a Director within the PwC Healthcare Consulting Practice.

Walt served as the Co-Chair of a CMS-sponsored Insurance Commissioner HIPAA Task Force which included the thirteen Southern States, and is the founding Chair of the Southern HIPAA Administrative Regional Process (SHARP), a public and private collaboration of private health care organizations with HHS, HRSA, and CMS. Walt was one of the founding Security and Privacy Co-Chairs for the WEDi HIPAA Strategic National Implementation Process (SNIP) and served on the executive boards of the HIPAA Conformance Certification Organization (HCCO) and the HIPAA Action Workgroup of Kentucky.


Susan A. Miller, JD

Attorney Susan Miller is Chief Privacy Officer for Connecting Healthcare®. Sue is a national HIPAA and HITECH health care expert and strategist who has consulted with covered entities, business associates, technology companies, Affordable Care Organizations, Regional Extension Centers, state Medicaid Agencies and federal agencies such as the Office for Civil Rights, the National Institute of Standards and Technology, and the Centers for Medicare and Medicaid Services.

Sue developed the NIST HIPAA Security risk analysis and audit tool as well as HIPAA privacy and security tools for risk analysis and assessment, audit, breach notification and HIPAA policies and procedures, plus contingency plans, disaster recovery plans, training plans and training materials used by both covered entities and business associates. Sue was one of the founding Security and Privacy Co-Chairs for the Workgroup for Electronic Data Interchange (WEDi) HIPAA Strategic National Implementation Process (SNIP), and served on the board of the Southern HIPAA Administrative Regional Process (SHARP), a public and private collaboration of private health care organizations and Health and Human Services (HHS), the Health Resources and Services Administration (HRSA) and the Centers for Medicare and Medicaid Services (CMS).