Select the option that best represents your current clinic operations. Your results are generated locally and kept private.
Files are saved directly on office laptops, USB keys, local workstations, or physical folder cabinets.
We run a local medical server requiring user passwords, but lack active access logging or AES-256 hardware encryption.
Patient records sit in secure data centers using hardware-level AES-256 encryption, strict user query logs, and signed BAAs.

Staff share general computer logins or write down basic passwords on sticky notes; no MFA is active.
Every assistant, physician, and receptionist has a unique login, but Multi-Factor Authentication (MFA) is not enforced.
Unique accounts, role-based access control (RBAC) policies, and strict biometric or hardware-enforced MFA lock all terminals.

Staff occasionally copy folders to external USB drives. Recovery has never been tested.
Our servers sync database files nightly to a local backup NAS, but we lack off-site copies or regular restore drills.
Encrypted hourly snapshots route to air-gapped cloud centers. We run automated restoration drills monthly.

Basic antivirus software runs on workstations. No central network firewall or network monitoring is in place.
We pay for business antivirus and run a standard hardware firewall, but lack endpoint detection and response (EDR) logging.
Endpoint Detection and Response runs 24/7/365, intrusion logs are kept, and isolated anti-phishing filters protect the email servers.

Administrative and receptionist staff do not undergo cybersecurity training or patient data privacy instruction.
Staff review and sign a compliance document annually, but we do not run phishing simulation tests.
Monthly simulated attacks, interactive HIPAA/PHIPA micro-learning modules, and immediate retraining sessions for staff.
Review your compliance and cyber risk metrics below.