The dashboard is your ultimate progress and support tool. It contains progress reports for each section, this tutorial, and a link to the support team.

At any time while using the HIPAAgps platform, you can click and go to your dashboard to gauge where you are at on the road to completing HIPAAgps.

The Risk Assessment combines about 500 HIPAA-compliance questions, based on the National Institute of Standards and Technology’s (NIST) assessment, with guidance and support to help you get your organization up-to-speed with HIPAA compliance.

The assessment is long, but the process is easy. Feel free to take breaks. We’ll have your information saved and you can pick up where you leave off.

Pick a section and start the assessment.

We recommend starting with Administrative Safeguards.

Read the question and select your answer.

Tip: Answer questions honestly based on the current status of your organization, not based on what you know your answer should be.

Tip: Use the text boxes not only when an answer is required, but also as a note-taking aid on all the questions. Any record/note keeping will help you in case of a HIPAA investigation.

• Upload a new document.
• Select a previously uploaded document.
• Download one of our templates, adjust it, and then re-upload.
• Or, select that you have the documentation, but will be keeping it locally rather than uploading.

Download our policy and procedure templates and adjust them to fit your organization.

Tip: Red lettering in the templates indicates that you need to insert specific information into the document, like your organization’s review frequency.

Click the “Best Practices” tab on questions that provide a best practice recommendation.

Our Best Practice recommendations give you specific advice concerning various HIPAA standards like review-and-update time frames.

•  Good job! You’ve completed this question satisfactorily according to the HIPAAgps standards.
•  We recommend that you review this question and perform any necessary actions to change or complete your answer.
•  You have not answered this question yet.

The dot indicators provide an at-a-glance task list to help you see and jump to questions that need more attention and/or still need addressing.

Tip: Each question pertains to a HIPAA requirement, so a question that needs attention is an area of HIPAA compliance that your organization needs to address.

The Policies and Procedures section provides a list of required documents, file storage, version control and starter templates.

You can easily store your HIPAA policies, procedures, plans, lists, training documents and inventories in one convenient place.

However, you will need to continue to update your documents and add new custom documents as you see fit.

Tip: You may have one document that incorporates several of the documentation requirements.

Tip: You can use the Custom Documentation section in the P&P tool to detail your in-house employee training sessions. Then assign that document to employees who attended the training for sign-off and tracking purposes.

• Your organization’s size, complexity and the services you provide.
• Your organization’s technical infrastructure, hardware and software capabilities.
• The cost of your security measures
• The potential day-to-day security risks and your critical operations.

The Employee Training tool incorporates two separate platforms: one for you, as the administrator, and one for your organization’s employees.

The administrator tool allows you to create employee profiles; assign specific policies, procedures and training documents; and monitor employee progress.

Create employee training profiles.

Insert the employee’s name and email.

Assign specific policies, procedures and training documents for that employee to read and sign.

In the employees’ profiles, they will watch training videos, take quizzes, and read and initial for assigned documents.

Create profiles for each of your business associates.

Construct agreements by downloading our Business Associate Agreement Template or uploading your own agreement document.

Insert your associate’s email and information, sign for the document and then send.

Your associate will receive an email with a link to the document signing page.

They can sign and download the document for their records.

Once they sign, your BAA administrative view will show their agreement as complete with a time stamp.

Tip: We highly recommend that you watch these videos before assigning employee training.

• As one of your organization’s main points of contact for HIPAA, it’s important that you know and are prepared to help your employees with their HIPAA questions.

PHI cannot be uploaded, typed in a text box, or in any other way detailed in the HIPAAgps system.

For example, having a Patient Privacy Policy signed by each of your patients is a HIPAA requirement. While an unsigned Patient Privacy Policy will most likely not include any PHI, as soon as the document receives a signature or patient name, it becomes a PHI document, and therefore must NOT be uploaded to the HIPAAgps system.