Is Your Business HIPAA Compliant?
1) Is your website using the required 2048-bit or better SSL encryption?
2) Are you using an encrypted email gateway? If not, who hosts your email, what is it hosted on, and where?
3) Do you block all unsafe attachments in incoming and outgoing email?
4) If you use web-based email, is it on a secure server? Who is hosting it?
5) Do you have a VPN for outside system access? If so, who is using it?
6) Do you have a centralized antivirus strategy for both your servers and desktops?
7) Is malware protection installed on all your systems?
8) Do you rotate all your computer account passwords before the maximum 90-day period expires?
9) Is your third-party billing, accounting, and scheduling software HIPAA compliant?
10) Do you have a procedure to apply security patches to the operating systems of your computing equipment?
11) Are your servers and offsite computers encrypted?
12) Do you have offsite data backup?
13) Do you perform or undergo regular IT audits?