Security Self-Assessment

To streamline the process, if multiple people oversee different areas within your organization, you may want to review and distribute the PDF version found on Alliance's website before taking the actual Assessment.

The HIPAA Security Self-Assessment questions are intended to help you self-evaluate your compliance with HIPAA regulations and your protection of client personal and health information. The goal is to improve your organization's understanding of its data security and privacy preparedness.

After you complete the survey, we will contact you at the email address provided to schedule a review. This review takes approximately 2-3 hours, during which we go over your answers and ask clarifying questions that will help shape a gap analysis.
Section 1: Security Assessment Basics
1. Please tell us who is completing the Self-Assessment.
2. Has your organization completed a security risk assessment (SRA) before?
3. Do you ensure you are meeting current HIPAA security regulations?
Section 2: Security Policies
4. Do you maintain documentation of policies and procedures regarding risk assessment, risk management and information security activities?
5. How does documentation for your risk management and security procedures compare to your actual business practices?
Section 3: Security and Workforce
6. Do you have a designated person responsible for developing, implementing and maintaining information security policies and procedures?
7. Do you identify and document the responsibilities of the information security officer?
8. Do you specify roles and job duties according to the need to access protected health information (PHI)?
9. Do you screen your workforce members to verify trustworthiness?
10. Do you ensure that all workforce members (including management) are given HIPAA training?
11. Are procedures in place for monitoring log-in attempts and reporting discrepancies?
12. Is protection from malicious software (including timely antivirus/security updates and malware protection) covered in your procedures?
13. Do you review password security elements in your security training?
14. Do you apply corrective measures to enforce security procedures?
Section 4: Security and Data
15. Do you manage and control personnel access to electronic protected health information (ePHI), systems, and facilities?
16. Do you have a process for authorizing, establishing, and modifying access to ePHI?
17. How are individual users identified when accessing ePHI?
18. Do you ensure all of your workforce members have appropriate access to ePHI?
19. Do you use encryption to control access to ePHI?
20. Do you periodically review your information systems for how security settings are implemented to safeguard ePHI?
21. Do you have hardware, software, or other mechanisms that record and examine activity on information systems with access to ePHI?
22. Do you have mechanisms in place to log system activity?
23. Do you have automatic logoff enabled on devices and platforms accessing ePHI?
24. Do you protect ePHI from unauthorized modification or destruction?
25. Do you protect against unauthorized access to or modification of ePHI when it is being transmitted electronically?
26. Do you periodically review your information systems to identify and mitigate technical vulnerabilities?
Page 1 of 2