Free HIPAA Risk Calculator for Therapists

1.Do you have a signed Business Associate Agreement (BAA) with your EHR or practice management software?

2.Do you use a HIPAA-compliant email service (not Gmail, Yahoo, or standard Outlook) for client communication?

3.Have you updated your Notice of Privacy Practices (NPP) since January 2024?

4.Have you completed a formal HIPAA Security Risk Assessment (SRA) in the last 12 months?

5.If you do telehealth, do you use a HIPAA-compliant platform (not FaceTime, standard Zoom, or Skype)?

6.Are your psychotherapy notes stored separately from the general health record in your EHR?

7.Have you completed HIPAA training in the last 12 months (and documented it)?

8.Are all devices that store or access patient data encrypted?