Your HIPAA Security Path

Nine chapters in three steps — work through them in order or skip to whatever’s most urgent; your answers save automatically in this browser and never leave your device until you download your Practice Security Manual.

Pre-flight

Your Practice

Practice name, sanction official, cure period, and compliance archive location — the four facts that personalize every policy template in your manual.

Set up

Step 1 · 0 of 3 done

Set the foundation

The big-three gaps for solo or small practices — mostly tech setup.

  1. Chapter 1

    3 questions

    BAAs & Email

    Confirm your email provider offers a HIPAA Business Associate Agreement — the biggest gap most solo or small practices miss.

    Not started

    Start

  2. Chapter 2

    2 questions

    Your Devices

    Inventory the laptops, phones, and tablets that touch patient data and confirm each one is encrypted.

    Not started

    Start

  3. Chapter 3

    2 questions

    Your Passwords

    List the accounts that reach patient information and turn on a password manager and multi-factor authentication.

    Not started

    Start

Step 2 · 0 of 3 done

Run your practice

How patient data flows through your week.

  1. Chapter 4

    2 questions

    Your Workspace

    Walk through the physical spaces where you see patients or work with records, and secure the basics.

    Not started

    Start

  2. Chapter 5

    6 questions

    Your Training

    Build a short, honest training record — security reminders, malware, logins, and password management.

    Not started

    Start

  3. Chapter 6

    3 questions

    If Something Goes Wrong

    Pre-decide how you would handle a lost device, ransomware, a mis-sent email, or a breach — before it happens.

    Not started

    Start

Step 3 · 0 of 3 done

Document your program

What an auditor (or future-you) reads to see what you've built.

  1. Chapter 7

    4 questions

    Your Paperwork

    Set a review cadence and confirm your written policies, retention, and availability are in shape.

    Not started

    Start

  2. Chapter 8

    7 questions

    Your Security Foundation

    Risk analysis, risk management, sanctions, activity review, the named Security Official, and periodic evaluation.

    Not started

    Start

  3. Chapter 9

    7 questions

    Your Systems

    Technical safeguards — unique accounts, emergency access, auto-logoff, encryption, audit logs, integrity, transmission.

    Not started

    Start

Your progress

Download your manual — 9 chapters open

Replace your current progress?

Importing this file will overwrite the answers currently saved in this browser. This cannot be undone.