Skip to main content
CoreFolioHIPAA

Free assessment — 8 sections — about 59 minutes

Start your HIPAA self-assessment.

Eight sections covering every area of the HIPAA Security Rule — from your ePHI inventory through workforce, technical controls, encryption, physical safeguards, business associates, and incident response. The same scope OCR’s Risk Analysis Initiative audits.

What the Assessment produces

The Assessment turns your answers into a readiness score and, for paid users, three dated, signable documents, saved into your Digital Binder along with your action plan for today, this week and the next 90 days and federal fill-in templates. You also get these 3 key documents:

  • Risk Analysis Report — the assessment artifact OCR looks for under 45 CFR § 164.308(a)(1)(ii)(A). NIST SP 800-30 structured.
  • Risk Management Plan — the matching response under 45 CFR § 164.308(a)(1)(ii)(B). Organized as a 3-tier plan: this week, vendor conversations, and budget decisions. EHR-specific scripts attached as annexes.
  • 2026 Readiness Gap Report — forward look against the proposed 2026 Security Rule (90 Fed. Reg. 898).
Learn about the Digital Binder