Healthcare Data Security Risk Assessment Questionnaire
Organization Details
Organization Name
Department
Completed By
Date
General Data Security
What types of healthcare data do you store or process?
Where is the data stored?
How is data accessed by staff?
Are access controls in place and regularly reviewed?
Yes
No
Are all users required to use strong, unique passwords?
Yes
No
Data Transmission & Encryption
Is sensitive data encrypted at rest and in transit?
Yes
No
How is data transmitted between systems?
Are secure protocols (e.g., HTTPS, SFTP) used for data transfer?
Yes
No
Incident Response
Do you have a documented incident response plan?
Yes
No
When was the last security incident?
Describe the incident and the response taken.
Policies & Training
Are staff regularly trained on data security policies?
Yes
No
When was the last training session held?
Is there a formal data security policy?
Yes
No
Additional Comments