Everything you need. Nothing you don't.
27 Questions
Scans auto-fill roughly 60% of your assessment from real infrastructure evidence. You answer 27 questions about things only you would know — your people, your physical space, your vendors, your processes.
5 Categories
Questions organized into 5 categories: People & Policies, Incident Response, Backup & Disaster Recovery, Physical Environment, and Vendors & Systems.
AI Gap Analysis
Your AI compliance officer analyzes your responses against HIPAA requirements. Identifies gaps, assigns risk levels, and maps remediation priorities.
PDF Report
Complete Security Risk Assessment document. Suitable for OCR auditors, cyber insurance underwriters, and internal compliance teams.
Real Infrastructure Evidence
Unlike questionnaire-only SRAs, HIPAA Agent scans your actual infrastructure with 73 external tools and a 12-phase internal network assessment. Findings map directly to HIPAA Security Rule requirements with real evidence, not self-reported guesses.
Required by federal law
The HIPAA Security Rule requires all covered entities and business associates to conduct an accurate and thorough assessment of potential risks and vulnerabilities.
The HHS Office for Civil Rights (OCR) has levied over $140 million in HIPAA enforcement actions. The most common citation: failure to conduct a risk assessment.
A current SRA is the single most important compliance document you can have. It demonstrates good faith effort to OCR investigators.
The deadline is May 2026
The HIPAA Security Rule update requires every healthcare practice to demonstrate compliance across 13 mandatory requirements by May 2026. This SRA assesses your readiness against all 13 — including encryption at rest, MFA, network segmentation, backup capability, and ePHI flow mapping.
Four steps. Your pace.
Start your assessment
Pay $499. The agent confirms your NPI and practice details from the NPPES registry.
Questions arrive by email
27 questions across 5 categories. Reply directly to the email, or answer them in your HIPAA Agent GPT in ChatGPT. Plain language — no HIPAA jargon. About 15-20 minutes.
AI analyzes your responses
Your AI compliance officer combines comprehensive multi-tool scan evidence with your answers, maps everything to specific HIPAA Security Rule requirements, identifies gaps, evaluates risk levels, and prioritizes remediation.
Report delivered
Complete SRA document: executive summary, gap analysis, risk matrix, remediation roadmap, and regulatory citations. PDF in your inbox. Plus a 30-day AI compliance officer email sequence helping you remediate every finding.
The HIPAA Compliance Platform ($299/month) keeps your AI compliance officer working for you — monthly scanning, 24 policies, staff training, BAA management, evidence packages, and annual SRA refresh.
What's in your SRA
Executive Summary
Practice overview, assessment scope, overall risk posture, and key recommendations.
Gap Analysis
Each HIPAA requirement mapped to your current state. Gaps identified with specific deficiency descriptions.
Risk Matrix
Likelihood x Impact scoring for each identified risk. Visual risk heat map.
Remediation Roadmap
Prioritized action items. Quick wins vs. long-term improvements. Estimated effort for each.
Regulatory Citations
Every gap mapped to the specific HIPAA section: 164.308, 164.310, 164.312, 164.316.
Compliance Score
Your HIPAA Agent Compliance Score™ reflecting both your external scan and risk assessment findings.
The most important HIPAA document you can have
Comprehensive multi-tool scan + 27 questions. AI analysis. PDF report. $499 one-time.