Cyberuptive

Healthcare · HIPAA Security Rule · OCR-aware

HIPAA Compliance Assessment.

Fifteen honest questions across the three HIPAA Security Rule safeguard families — Administrative, Physical, and Technical — with healthcare-specific framing for ePHI, medical devices, ransomware, and third-party risk. About ten minutes. No email required to see your score.

  • Mapped to HIPAA Security Rule 45 CFR §164 + 2024 NPRM
  • Maturity scored Initial → Optimized per safeguard family
  • Scoring runs locally in your browser
  • Optional written report + 30/60/90 plan on request

What it covers

Three safeguard families. Fifteen honest questions.

Built around the threat picture we actually see in healthcare engagements: ransomware on EHR-adjacent infrastructure, business email compromise leading to PHI exposure, and medical devices that complicate every patch cycle. The score gives leadership a place to start the conversation with the Privacy Officer and the Security Official.

  • Administrative Safeguards

    Risk analysis, workforce training, access management, contingency planning, and the policies OCR will ask for first.

  • Physical Safeguards

    Facility access, workstation use, device and media controls — the physical perimeter around ePHI and medical devices.

  • Technical Safeguards

    Access control, audit logs, integrity, transmission security, and the controls OCR examiners verify in evidence.

FAQ

About this assessment

Don't see your question? Talk to a real person — 833-92-CYBER.

  • Is this the same as an OCR audit?

    No. OCR audits use the OCR Audit Protocol and test documented evidence against every applicable implementation specification. This is a fast self-check meant to surface the obvious gaps a covered entity should fix before a formal self-assessment, an OCR investigation, or a HITRUST engagement.

  • Does this address ransomware and medical devices?

    Yes. The Technical Safeguards domain includes immutable backups and incident response, and the Physical Safeguards domain includes a medical-device inventory question. Healthcare is the most attacked sector in the US; the assessment is calibrated for that reality.

  • Does it reflect the 2024 NPRM updates?

    Yes. MFA, encryption, audit logging, and incident-response questions are written to the direction of the 2024 NPRM — explicit MFA, mandatory encryption defaults, and tested contingency plans — so closing those gaps stays useful when the rule finalizes.

  • Do I need to give an email address?

    No. The assessment runs entirely client-side. If you want a written report and a remediation roadmap from our team, you can request one at the end — but the score itself is yours immediately.

Talk to a real engineer

Need a security partner who understands HIPAA?

Whether you're scoping a managed SOC, preparing for an OCR review, or shoring up after a near-miss — we can help.