Is Your Practice Website Exposing You to HIPAA Fines?
Find out in 30 seconds. Enter your website below for an instant compliance assessment across 73 checks.
No signup required. 70 compliance checks. Results in under 10 seconds.
How It Works
Enter Your Domain
Type your practice website URL. No signup, no installation, no access to your systems required.
We Run 70 Compliance Checks
Email authentication, SSL certificates, security headers, privacy policy, port exposure, login detection, backup files, and more — all in seconds.
Get Your Grade + Next Steps
See your HIPAA Agent Compliance Score™ (A-F) and which checks passed or failed. Upgrade for full monitoring.
What We Check
70 compliance checks aligned with HIPAA requirements. No access to your systems needed.
Email Authentication
SPF, DKIM, and DMARC records that prevent email spoofing and phishing attacks.
SSL/TLS Certificate
Encryption in transit — validates your website uses HTTPS with a current certificate.
Security Headers
HTTP headers that protect against XSS, clickjacking, and content injection attacks.
Privacy Policy
HIPAA Notice of Privacy Practices — required to be readily available on your website.
LDAP Exposure
Checks if directory services (ports 389/636) are exposed to the public internet.
RDP Exposure
Checks if Remote Desktop (port 3389) is exposed — the #1 ransomware entry point.
SMB Exposure
Checks if file sharing (port 445) is exposed — targeted by EternalBlue/WannaCry.
Exchange/OWA
Detects exposed Outlook Web Access login pages and Exchange autodiscover records.
Full HIPAA Monitor ($99/mo) runs a comprehensive HIPAA compliance assessment with monthly monitoring, grade tracking, and email alerts.
Every Vulnerability Has a Breach Playbook
Attackers don't need sophisticated exploits. These four gaps account for the majority of healthcare breaches.
Attacker spoofs your domain, sends fake invoice to patients or vendors, extracts payment or PHI.
Attacker brute-forces Remote Desktop, deploys ransomware, encrypts all patient records, demands payment.
Patient data transmitted in plaintext. Attacker intercepts PHI on public Wi-Fi or compromised network.
OCR investigates any breach. No documented risk assessment = automatic violation. Fines up to $2M per category.
HIPAA Monitor — Full External Compliance Monitoring
70 compliance checks, run monthly. Grade tracking over time. Email alerts when something changes. PDF reports you can show auditors.
30-day money-back guarantee. Cancel anytime.
HIPAA Agent in ChatGPT
Scan any website, look up any NPI, and get plain-English HIPAA guidance — directly inside ChatGPT.
Free. No signup. Available in the GPT Store.
Your Path to HIPAA Compliance
Start with a free scan. Upgrade as your compliance needs grow.
Lite Security Scan
70 compliance checks. Instant grade. See where you stand.
HIPAA Monitor
Comprehensive HIPAA compliance assessment. Monthly monitoring. Email alerts. PDF reports.
Security Risk Assessment
NIST-aligned SRA. Management sign-off. Credits toward subscription.
Compliance Agent
SRA + policies + training + BAA + audit trail. Full HIPAA program.
Frequently Asked Questions
Is this scan safe? Will it affect my website?
Yes, completely safe. We only check publicly visible information — DNS records, SSL certificates, HTTP headers, and whether certain ports are open. We never access, penetrate, or modify any of your systems.
What’s the difference between the lite scan and full scan?
The free lite scan runs essential external checks. HIPAA Monitor ($99/mo) runs a comprehensive HIPAA compliance assessment monthly covering your full digital attack surface. You also get grade tracking, email alerts, and PDF reports.
Do I need to install anything?
No. Everything is scanned externally from the public internet. No software, no agents, no access to your network required.
How long does the scan take?
The lite scan completes in under 10 seconds. The full assessment takes about 60-90 seconds and runs automatically each month.
Can I use my scan results for HIPAA compliance?
The lite scan is a quick preview. HIPAA Monitor provides regulatory-mapped findings with HIPAA citations, fine exposure estimates, and remediation guidance — the documentation auditors look for.
Also available as a ChatGPT GPT and MCP integration
Everyone Wins When Healthcare Gets More Secure
External security monitoring creates a rising tide — every practice that improves makes the entire ecosystem safer.
Healthcare Practices
- Clear, actionable visibility into security posture
- Fix vulnerabilities before they become breaches
- Documented evidence for OCR audits
- Lower insurance premiums for good grades
- Patient trust through demonstrated security
Insurance Carriers
- Evidence-based underwriting, not honor system
- Continuous risk visibility during policy period
- Proactive loss prevention before claims hit
- Portfolio-level risk analytics and trends
- Actuarial intelligence that improves over time
Healthcare Industry
- Every fixed DMARC record reduces phishing for all
- Every closed RDP port blocks one ransomware vector
- Breach costs decline as baseline security rises
- Regulatory compliance becomes measurable
- Patient data gets incrementally safer, industry-wide