What is a HIPAA QUIZ

A Risk Assessment is essentially a questionnaire that evaluates how well your practice is adhering to HIPAA law. The goal of the risk assessment is to highlight and uncover any compliance vulnerabilities your practice may have.

*This should take you about 10 minutes to complete.


Why should I care?

It’s an annual requirement under the HIPAA Security Rule (Section 164.308(a)(1)(ii)(A)).



In the event of an audit from the Office of Civil Rights (they enforce HIPAA), you’ll need to document that you have one on file.


Your patients entrust you to keep their PHI safe. You should be doing everything you can to make sure you know where your compliance gaps lie so you can get them fixed as soon as possible.

What are my options?


Complete it with PCIHIPAA and our team of compliance experts. No download required. Get one-on-one assistance from one of our senior compliance advisors. Complimentary consultation going over your customized Risk Report ($1,200 value). Completion Time: 10-15 minutes.


Complete it directly through the Department of Health and Human Services Security (HHS) Risk Assessment Tool. Download over 100 MB of software onto your computer. Answer confusing and complex questions with no help. Completion Time: 3-4 Hours.

What others are saying about EnviroMerica

“EnviroMerica was incredibly helpful in going through our annual Mandated HIPAA Risk Assessment with me, step-by-step and then offering solutions on how to improve any area that we were deficient.”
— Bill J, Compliance Officer

1. Patients who believe that their PHI has been compromised have the right to make a complaint to the federal government.
2. Under HIPAA, patients are not allowed to view their own PHI.
3. Which of these is not one of the 3 Key HIPAA Safeguards?
4. Which of the following is NOT considered a business associate?
5. Which of the following is true about ransomware?
6. An employee’s access rights to PHI are usually determined by how long they have been employed with the practice.
7. Which of the following is considered a covered entity?
8. Under the HIPAA Security Rule, covered entities must do which of the following?
9. Employees having a conversation about a patient in a public area where the conversation can be overheard is not a HIPAA violation.
10. If you have trained your staff on HIPAA, but not on specific policies and procedures, no additional training is needed for employees.