HIPAA Security Rule · 45 CFR 164

HIPAA Security Risk Assessment
for Business Associates

15 weighted questions covering administrative, physical, technical, and organizational safeguards — scored 0–100.

Assessment Progress 0 / 15 answered
Administrative Physical Technical Organizational

Answer all 15 questions to unlock your results.

🔒

Your results are ready

Enter your work email to receive your full HIPAA Risk Assessment report, personalized recommendations, and compliance resources.

🔐 We respect your privacy. No spam — ever.

out of 100

⚠️ Immediate Action Required — Critical Control Gap

📊 Score by Category

🎯 Prioritized Recommendations

Sorted by severity and question weight. Address critical and high-severity items first.

🛡️ Recommended HIPAA Compliance Tools

These platforms can help you close the gaps identified in your assessment. Disclosure: links may be affiliate partnerships.

Need expert guidance on your HIPAA program?

Get a personalized consultation from a certified HIPAA security professional.

Disclaimer: This tool supports, but does not constitute, the risk analysis required by 45 CFR 164.308(a)(1)(ii)(A), and is not legal advice. A compliant risk analysis is an accurate, thorough, organization-wide assessment of risks to all ePHI. Regulatory basis: 45 CFR 164.308, 164.310, 164.312, 164.314, 164.316; HITECH Act / 2013 Omnibus Rule. Consult qualified legal counsel or a certified security professional. Rule base as of 2026-05; OCR's January 2025 NPRM proposes additional BA-specific requirements not yet in final rule.