If you’ve been looking for a simple tool to help with an initial self-assessment of your compliance with the HIPAA Security Rule, the ONC, in collaboration with the HHS Office for Civil Rights (OCR) and the HHS Office of the General Counsel (OGC), has developed a downloadable tool to guide you through the process. The tool walks you through completing an inventory of systems that contain or may contain ePHI, then guides you through 155 questions to generate compliance responses for each of the physical, administrative and technical safeguards required under the Security Rule.
While the tool is an excellent first step in evaluating your HIPAA security posture, please note that there’s a small glitch we’ve noticed in the Windows version where the responses to questions T41, T42, A61, O2 and O3 don’t get saved for some reason. Once you’ve completed all the rest of the questions in the tool, I recommend exporting your results to Excel (click the “Report” > “Create PDF/Excel” buttons), then adding these five back in and tracking your responses from the spreadsheet until your self-assessment is complete.