- Basic security practices (defining and managing access, backups, recoveries, and technical and physical security)
- Risk management (periodic reviews and evaluations, such as continuous monitoring)
- Personnel issues (access to information, onboarding, and release of staff)
Based on the users’ responses, the application provides recommendations for ways to reduce HIPAA risk. The tool’s user guide specifically states that the app is not meant to be a compliance tool and does not produce a statement of compliance. It’s also not going to win any awards for design. However, it is a helpful tool that accomplishes its goal, which is to assist healthcare practices in performing and documenting a Security Risk Assessment.