HIPAA Security Rule self-assessment for small healthcare practices — free, client-side only
This 15-question self-assessment checks your practice's readiness across the five domains of the HIPAA Security Rule. It takes about 5 minutes.
At the end you will receive a risk score, a per-domain gap breakdown with CFR citations, an estimated exposure range, and a routing recommendation to the right compliance resources.
Who it's for: dental, family medicine, mental health, and other small healthcare practices that handle electronic protected health information (ePHI).
// IMPORTANT DISCLAIMERS
Estimates are for education only. Not legal advice, not a guarantee of any penalty or cost. Consult qualified legal counsel for your specific situation.
This readiness check is NOT the required Security Risk Analysis under §164.308(a)(1)(ii)(A). Completing this quiz does not satisfy that regulatory requirement. The full SRA workbook is a separate deliverable available in our Advanced Suite.
Not scored — used only to route you to the right resources at the end.
These inputs are used only to calibrate the cost-exposure estimate on your results page. They do not affect your compliance score. An estimate is fine.
Total staff who access ePHI (providers, admin, billing).
Active patient records in your EHR or paper/digital files.
// DISCLAIMER — Estimates for education only. Not legal advice, not a guarantee of penalty or cost. Consult counsel.
This readiness check is NOT the required §164.308(a)(1)(ii)(A) Security Risk Analysis. Completing it does not satisfy that regulation. The SRA workbook is a separate deliverable (included in the Advanced Suite).
Opens your mail client with your results pre-filled. No data is sent to us — this is a standard mailto: link that composes in your own email app.