DEMO PREVIEW — sample data for illustration only
Your HIPAA Compliance Report
Based on 15 questions from the OCR audit protocol
Score: 58/100 (Grade: D, Moderate Risk)
Your practice has some compliance measures in place, but significant gaps remain that could result in penalties during an OCR audit.
Estimated Fine Exposure
Up to $320,000
Based on 8 compliance gaps found. OCR fines range from $100 to $1.9M per violation category, per year. This estimate uses typical enforcement amounts for small practices.
Your Top 3 Priorities
1. No Security Risk Assessment (45 CFR 164.308(a)(1))
2. Missing Business Associate Agreements with one or more vendors (45 CFR 164.308(b)(1))
3. Patient data not encrypted at rest or in transit (45 CFR 164.312(a)(2)(iv), 164.312(e)(2)(ii))
Critical Violations (3)
No Security Risk Assessment
Required by 45 CFR 164.308(a)(1)
75% of all OCR fines cite this as a violation. This is the single most important HIPAA document.
Missing Business Associate Agreements with one or more vendors
Required by 45 CFR 164.308(b)(1)
OCR fines up to $1.5M per missing BAA category.
Patient data not encrypted at rest or in transit
Required by 45 CFR 164.312(a)(2)(iv), 164.312(e)(2)(ii)
Under the 2026 rule, encryption becomes mandatory (it is no longer an "addressable" implementation specification that a practice may document its way around).
High Risk (3)
No written security policies
Required by 45 CFR 164.316
Staff sharing login credentials
Required by 45 CFR 164.312(a)(2)(i)
Shared credentials defeat audit logging: when several people use one account, access to patient data cannot be attributed to a specific individual.
No documented proof of HIPAA training
Required by 45 CFR 164.530(b), 164.308(a)(5)
Needs Attention (2)
No designated Security Officer
Required by 45 CFR 164.308(a)(2)
No breach notification procedure
Required by 45 CFR 164.404
What You're Doing Right (4)
Has Notice of Privacy Practices posted
Has a designated Privacy Officer
Has written HIPAA privacy policies
Restricts workforce access to patient data by role