A Self-Audit · Under 30 Minutes

Could a breach tomorrow end your practice?

OCR has driven most 2025–2026 enforcement actions against small practices through its Risk Analysis Initiative. Small practices with documentation gaps have paid five-figure settlements plus two years of federal oversight after a single breach.

This free 14-page checklist tells you — in under 30 minutes — exactly where you stand.

  • 44 questions across six OCR focus areas
  • 6 sections covering admin · tech · breach
  • ≤30 minutes to complete with your documentation
Free Download · 14 pages $0
Attorney-Developed 14 Pages · 44 Questions
What's inside

Six sections. Every area OCR examines.

Each section maps to a specific set of HIPAA requirements under 45 CFR § 164. You'll answer Yes / Partial / No / Unknown — and every gap turns into a specific, fixable action item with references to the relevant regulations.

§ 01 · Administrative Safeguards · 10 questions
Risk analysis, risk management plan, workforce training, sanctions policies, termination procedures.

§ 02 · Physical Safeguards · 8 questions
Workstation security, paper PHI storage, device inventory, encryption, visitor logs, secure destruction.

§ 03 · Technical Safeguards · 10 questions
Unique logins, MFA, audit logs, encryption at rest and in transit, backups, patching, phishing training.

§ 04 · Business Associates & Vendors · 5 questions
BAA inventory, signed agreements, security posture review, termination procedures.

§ 05 · Patient Rights & NPP · 5 questions
Notice of Privacy Practices (Feb 2026 Part 2 update), Right of Access, amendment and restriction procedures.

§ 06 · Breach Response Readiness · 6 questions
Written plan, four-factor test, patient/HHS/media templates, tabletop exercise, cyber liability coverage.
Inside the PDF

Designed to be used, not filed.

Every page is built for a working medical office — fillable on screen, printable for a clipboard, scoreable in minutes. Navy and gold accents hold up on a laser printer. Three sample pages below.

Sample page 01 · Cover

Lifeline Compliance Vol. 01 · 2026
A Self-Audit · Under 30 Minutes
The HIPAA Risk Assessment Checklist
For independent medical practices navigating the 2026 OCR enforcement climate.
Audience: Solo & small practices
Sections: Six · 44 questions
Author: Lifeline Compliance

Sample page 03 · § 01 Administrative Safeguards (10 questions)

Policies, procedures, and workforce practices that govern how your practice handles PHI. Most OCR findings land here.
1.1 Written, dated, signed risk analysis (12 months)
1.2 Risk management plan with ownership and dates
1.3 Privacy & Security Officer designated in writing
1.4 Privacy Rule policies reflecting operations
1.5 Security Rule policies (admin · physical · tech)
1.6 Workforce sanctions applied consistently
1.7 Initial HIPAA training, documented
1.8 Annual refresher training, documented
§ 01 Score: 6 / 10
§ 01 of 06 · Administrative · Page 03

Sample page 08 · Scoring

The Verdict: your total score (sample shown: 31 / 44).

38–44 · Strong: You are in good shape. Core documentation and controls are in place. Review annually.

28–37 · Moderate: Foundation solid, gaps remain. Any single gap could become a finding. Focus on Admin, Technical, Breach Response.

16–27 · Significant: Inconsistency is the problem. Small practices here have paid five-figure settlements. Closable in 30–60 days.

0–15 · High Risk: Cannot demonstrate compliance today. A breach would likely result in findings and a corrective action plan.

Score interpretation · Page 08
After the checklist

Every No — fillable in an afternoon.

The checklist shows you where the gaps are. The Complete HIPAA Compliance System gives you the documentation to close each one — attorney-drafted, practice-ready, no retainer required.

Product · Complete System · 2026 Edition

Complete HIPAA Compliance System

The full documentation pack — risk analysis template, risk management plan, Privacy & Security policies, Breach Response Kit, BAA templates, training materials, patient request logs, and the updated 2026 NPP.

$449 One-time · No subscription

What's included

  • Risk Analysis Template
    Worksheets for a compliant § 164.308 analysis in one afternoon.
  • Risk Management Plan
    Turns the analysis into a prioritized action list with owners and dates.
  • Privacy & Security Rule Policies
    Full P&P set written for independent practices.
  • Breach Response Kit
    Patient, media, and HHS OCR report templates — plus tabletop scripts.
  • BAA Template & Tracker
    Drop-in BAA and inventory sheet for every vendor on your list.
  • Workforce Training & Logs
    Training materials and attendance records you can sign and file.
  • Notice of Privacy Practices
    Updated for the February 2026 Part 2 substance use disorder requirements.