HECVAT version 4 released 11th of Feb, 2025. Get up to speed with our review here!
Home
Articles
Docs
About
Contact
Back to HECVAT v4.1.0
HIPA
HIPAA Compliance
Question ID
Question
Importance
Weight
HIPA-29
Data Backup & Retention for HIPAA
Critical
10
HIPA-28
Business Associate Agreement (BAA) Readiness
Critical
10
HIPA-27
HIPAA Compliance Attestation Documents
Critical
10
HIPA-26
Disaster Recovery & Emergency Operations
Critical
10
HIPA-25
External Storage of Application Logs
Critical
10
HIPA-24
Application Log Archival Capabilities
Critical
10
HIPA-23
Access & Change Log Retention Periods
Critical
10
HIPA-22
Administrative Activity Logging Requirements
Critical
10
HIPA-21
User Access Logging & Tracking
Critical
10
HIPA-20
Remote Support Account Security
Critical
10
HIPA-19
User Group Assignment Limitations
Critical
10
HIPA-18
Role-Based Record Access Control
Critical
10
HIPA-17
Granular Administrative Permissions
Critical
10
HIPA-16
User Access Level Configuration
Critical
10
HIPA-15
Institution Password Control
Critical
10
HIPA-14
Password Encryption & Protection
Critical
10
HIPA-13
Automatic Session Timeout Controls
Critical
10
HIPA-12
Failed Login Account Lockout
Critical
10
HIPA-11
Mandatory Password Reset Requirements
Critical
10
HIPA-10
90-Day Password Rotation Policy
Critical
10
HIPA-09
Risk Mitigation Implementation
Critical
10
HIPA-08
HIPAA Security Rule Risk Analysis
Critical
10
HIPA-07
HITECH Act Compliance Requirements
Critical
10
HIPA-06
HIPAA Privacy & Security Officers
Critical
10
HIPA-05
HIPAA Regulatory Change Monitoring
Critical
10
HIPA-04
Subcontractor BAA Requirements
Critical
10
HIPA-03
Policy and Plan Testing Verification
Critical
10
HIPA-02
Risk Area Identification Process
Critical
10
HIPA-01
HIPAA Workforce Training Programs
Critical
10
Showing 29 of 29 questions
Showing 29 of 29 questions
Ready to unlock your education sales?
100% focus
Right-sized programs that fit your budget
From assessment to implementation
