HIPAA Compliance Checker

Assess your organization's HIPAA compliance obligations across PHI safeguards, breach notification, business associate agreements, risk analysis, and state-specific health privacy laws.

Six Compliance Domains

PHI Safeguards

Administrative, physical, and technical safeguards under the HIPAA Security Rule (45 CFR Part 164)

Access Controls & Audit Logs

User authentication, RBAC, audit trails, auto-logoff, and unique user identification requirements

Breach Notification Rule

60-day notification to individuals, OCR reporting for breaches affecting 500+ individuals, state AG notice, and media notification

Business Associate Agreements

BAA required provisions (45 CFR 164.504(e)), subcontractor flow-down, and termination procedures

Employee Training & Awareness

Workforce training requirements, security awareness programs, sanctions for violations, and documentation

Risk Analysis & Management

Security Rule risk analysis (45 CFR 164.308(a)(1)), management plans, remediation tracking, and evaluation

Key Regulations Covered

HIPAA Privacy Rule (45 CFR Part 160, 164 Subpart E)
HIPAA Security Rule (45 CFR Part 164 Subpart C)
HITECH Act (2009) — Breach notification & enforcement
Omnibus Rule (2013) — BA obligations & penalties
California CMIA (Confidentiality of Medical Information)
New York SHIELD Act (data security requirements)
Texas HB 300 (health privacy beyond HIPAA)
21st Century Cures Act (information blocking)

Free to Use

Get an instant HIPAA compliance assessment with specific CFR citations, penalty tiers, safeguard requirements, and an actionable compliance checklist.