Online HIPAA Security Risk Assessment

HIPAA requires all physicians to evaluate security risks to their computer systems and identify any vulnerabilities that exist in their offices.

The HIPAA Security Rule provides a road map for managing risk and protecting your medical data.

This online security evaluation covers all required HIPAA security policies and procedures.

Watch a demonstration of the Risk Assessment now:

Watch Now

Features of the Online HIPAA Security Risk Assessment

This online risk assessment is based on the audit protocols used by the Office of Civil Rights when it conducts HIPAA audits.

You and your staff can complete the survey in the privacy of your office over any device connected to the Internet. There are no wrong answers.

The Security Risk Assessment Report shows how well your practice complies with HIPAA.

The mitigation plan lays out steps to help you develop security policies and procedures.

Don't just take our word for it.

Watch a walkthrough of the system

Watch Now

Read a Sample of the Security Risk Report

Review Now

Explore the security risk assessment

View Guided Tour

Compliance is Important

This HIPAA security risk assessment is based on the federal law that requires you to protect the confidentiality, integrity, and availability of your patient records. Failure to do so can result in a fine assessed against your practice.

Data Breach Guidelines

Healthcare Providers Use Encryption to Protect ePHI - Read the story here
HIPAA Breach Notification – What you need to know - Read the story here
HIPAA Enforcement: Lessons from the OCR’s Recent Settlements - Read the story here

User Friendly

Each section in the risk assessment can be completed on any device, anywhere you are. Security questions guide you through the HIPAA security standards. Each question has its own drop down help menu with extensive notes.

Lower Your Costs

For just $699 your practice can save more than half the cost of an outside consultant conducting a risk assessment for you. Your office staff can answer the security questions and print out a risk assessment report that meets requirements of the HIPAA Security Rule.

Take your security risk assessment with you.

The HIPAA Online Security Risk Assessment is designed with you in mind. You can fill out the survey anywhere, from your PC or mobile device.

Work is different today. Teams can be more collaborative and work together from many different locations. The Online Risk Assessment provides that mobile flexibility.

Sign-up Today

Benefits of the Online Security Risk Assessment

The HIPAA Security Rule requires physician practices to evaluate the security risks and vulnerabilities in their computer systems and to implement policies and procedures to address those risks and vulnerabilities.

Completing this online security risk assessment can help ensure that you have identified the required documentation that your practice need to comply with the HIPAA Security Rule.

Complete Coverage

Covers all sections of the HIPAA Security Rule and helps you identify every document the regulations require your practice to have. Let this website do the work for you.

Technical Inventory

Lets you add a complete inventory of the technologies you use in your practice so that you can better secure them. If you already have a technical inventory, you can upload it to a secure central storage included with this security risk assessment.

Print out Risk Assessment Report

When you complete all of the questions in the security risk assessment, you can immediately print out a Risk Assessment Report that offers steps for risk mitigation

Frequently Asked Questions

The HIPAA security standards have been in place for almost two decades. A major requirement of the HIPAA Security Rule is for every covered entity to conduct a risk analysis to assess and identify vulnerabilities that exist in the practice and any risks inherent in securing the electronic Protected Health Information. Physician practices that have not completed a risk assessment can face fines from the Office of Civil Rights.
The technical inventory helps you identify all of the equipment in your practice that stores or transmits electronic Protected Health Information. The more details you can include in this technical survey, the better documented your inventory will be.
This online risk assessment lets you assign staff members to different sections of the evaluation survey over any mobile device that can connect to the Internet. Completing this risk assessment can be a team effort.
The security risk assessment report summarizes the findings of the online risk analysis. It identifies the policy and/or procedure documents that you need to have for complying with HIPAA. The final report can easily be printed out.

Pricing for every business, at any stage

All pricing packages are backed up by a 30-day money back guarantee.

Contact Us

For questions about this Online Security Risk Assessment you can contact HIPAA Risk Analytics by phone or email:

Call Christopher Sullivan at 850-591-2821

Send email to Christopher Sullivan at

The Development Team of the Online Security Risk Assessment

The online SRA partners collectively have over a hundred of years of experience in HIPAA, Health IT, privacy and security and web and database development. Here is the team:


Christopher Sullivan, PhD

Christopher Sullivan, PhD is the CEO of HIPAA Risk Analytics LLC. He spent five years developing this online security risk assessment with the help of these partners. He is also the CEO of Image Research, a communication consulting firm that specializes in medical informatics, HIPAA privacy and security, the Merit-based Incentive Payment System (MIPS), Health Information Exchange, Telehealth and health data analysis. He has taught courses in these areas at Florida State University, Florida International University and Nova Southeastern University. Christopher has three decades of experience in academics, in health-related management in Florida government and health care facilities, software development and multivariate data analysis.


Sue Miller, JD

Sue Miller, JD is a national HIPAA and HITECH health care expert and strategist who has consulted with covered entities, business associates, technology companies, Affordable Care Organizations, Regional Extension Centers, state Medicaid Agencies and federal agencies such as the Office of Civil Rights, the National Institute of Standards and Technology, and the Colleges of Medicare and Medicaid. Sue developed the NIST HIPAA Security risk analysis and audit tool as well as HIPAA privacy and security tools for risk analysis and assessment, audit, breach notification and HIPAA policies and procedures, plus contingency plans, disaster recovery plans, training plans and training materials used by both covered entities and business associates.


Walt Culbertson

Walt Culbertson is the founder and President of Connecting Healthcare®, dedicated to healthcare administrative and clinical transactions success since 2004. He is host and producer of "Jacksonville's Medical Update Show" and is a featured speaker at healthcare and industry conferences, forums, summits, and events. Walt is a leading HIT educator and lecturer, healthcare technologist and HIPAA authority. Walt's first book, Miracles and Meltdowns: "What We Didn't Know About Healthcare Until It Was Too Late," is a memoir of his wiofe's five-year war with cancer and the fractured American health care system.


Isaac Sullivan

Isaac Sullivan has worked as a software professional, web developer, database manager and lead research technologist for over two decades.