Healthcare IT Vendor HIPAA Assessment Template

Vendor Name Contact Person Contact Email Assessment Date

General Information

Description of Services Provided Does the vendor access, transmit or store PHI? Yes No Is there a signed Business Associate Agreement (BAA)? Yes No

HIPAA Security Rule Safeguards

Safeguard	Implemented?	Comments
Administrative Safeguards	Yes No Partial
Physical Safeguards	Yes No Partial
Technical Safeguards	Yes No Partial

Policies & Procedures

Summary of HIPAA-Related Policies

Risk & Incident Management

Date of Last HIPAA Risk Assessment Breach Notification/Incident Response Procedure

Notes & Additional Comments