The HIPAA Gap Assessment evaluates your organisation's compliance maturity across 10 chapters covering all major provisions of the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

Chapters

#    Chapter                                                CFR References             Questions
1    Privacy Rule — Uses & Disclosures                      164.502-164.514            8
2    Privacy Rule — Individual Rights                       164.520-164.528            7
3    Privacy Rule — Administrative Requirements             164.530                    6
4    Security Rule — Administrative Safeguards              164.308                    9
5    Security Rule — Physical Safeguards                    164.310                    5
6    Security Rule — Technical Safeguards                   164.312                    6
7    Security Rule — Organisational Requirements            164.314                    4
8    Security Rule — Policies, Procedures & Documentation   164.316                    4
9    Breach Notification                                    164.400-164.414            6
10   HITECH Act & Enforcement                               HITECH Sec. 13400-13411    5

Maturity Scoring

Each question uses a 0-4 maturity scale:

  • 0 — Not Implemented: No measures in place
  • 1 — Initial: Ad-hoc or informal measures
  • 2 — Developing: Documented but inconsistently applied
  • 3 — Defined: Formally documented and consistently applied
  • 4 — Optimised: Continuously monitored and improved

Understanding Your Score

The gap assessment dashboard displays:

  • Overall compliance score — Weighted average across all chapters, displayed as a percentage with a compliance ring
  • Chapter-by-chapter breakdown — Individual scores per chapter, highlighting areas of strength and weakness
  • Priority gaps — Questions scored 0 or 1 that represent the highest compliance risk
  • Trend over time — If you run the assessment periodically, the scores from each run are kept so you can track improvement between runs

Cross-Framework Propagation

Certain HIPAA gap assessment questions are linked to equivalent controls in other frameworks (ISO 27001, NIST CSF, SOC 2, etc.). When you score a HIPAA question at 3 (Defined) or 4 (Optimised), the equivalent controls in every other enabled framework are automatically updated, and scoring a linked control at 3 or above in another framework updates the HIPAA question in the same way. Scores below 3 are not propagated. This reduces duplicate assessment effort when managing multiple compliance frameworks.
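The scoring and propagation rules above (0-4 maturity scale, chapter and overall percentages, priority gaps at 0 or 1, propagation at 3 or above) as a small Python model. This is an added illustration, not the product's own code. Two details the page does not state are assumptions here: a chapter's weight in the overall score is its number of questions, and a propagated update copies the triggering score to the linked control. The question and control IDs and the sample scores are constructed.

```python
"""Illustrative model of the HIPAA gap-assessment scoring rules.

Added example, not the assessment product's own implementation.
Assumptions not stated on the page:
  - chapter weight in the overall score = number of questions in the chapter
  - a propagated update copies the triggering score to the linked control
"""

# Maturity scale from the page: 0 (Not Implemented) .. 4 (Optimised).
MAX_SCORE = 4
PROPAGATION_THRESHOLD = 3   # scores of 3 or above propagate to linked controls
PRIORITY_GAP_MAX = 1        # questions scored 0 or 1 are priority gaps

# Constructed sample: two HIPAA chapters, keyed by hypothetical question IDs.
HIPAA_SCORES = {
    "hipaa-4": {"4.1": 3, "4.2": 1, "4.3": 4},   # Administrative Safeguards
    "hipaa-6": {"6.1": 0, "6.2": 2},             # Technical Safeguards
}

# Constructed cross-framework links (hypothetical control IDs). Each pair is
# bidirectional: a score >= 3 on either side updates the other side.
LINKS = [
    ("4.1", "ISO27001:A.5.1"),
    ("4.3", "NISTCSF:PR.AA-01"),
    ("6.2", "SOC2:CC6.1"),
]


def chapter_percent(scores):
    """Chapter score as a percentage of the maximum attainable (4 per question)."""
    if not scores:
        return 0.0
    return 100.0 * sum(scores.values()) / (MAX_SCORE * len(scores))


def overall_percent(chapters):
    """Weighted average of chapter scores, weight = question count (assumption).

    With that weight the figure reduces to total points / total possible points.
    """
    total_questions = sum(len(q) for q in chapters.values())
    if total_questions == 0:
        return 0.0
    total_points = sum(sum(q.values()) for q in chapters.values())
    return 100.0 * total_points / (MAX_SCORE * total_questions)


def priority_gaps(chapters):
    """Question IDs scored 0 or 1, lowest score first, for remediation ordering."""
    gaps = [(score, qid)
            for q in chapters.values()
            for qid, score in q.items()
            if score <= PRIORITY_GAP_MAX]
    return [qid for _, qid in sorted(gaps)]


def propagate(control_id, score, links, controls):
    """Record `score` for `control_id` and apply the propagation rule.

    Only scores >= PROPAGATION_THRESHOLD are copied to linked controls, one hop
    in either direction (no transitive cascade). Returns the IDs updated.
    """
    controls[control_id] = score
    if score < PROPAGATION_THRESHOLD:
        return []
    updated = []
    for a, b in links:
        other = b if control_id == a else a if control_id == b else None
        if other is not None and controls.get(other) != score:
            controls[other] = score
            updated.append(other)
    return updated


if __name__ == "__main__":
    for name, scores in HIPAA_SCORES.items():
        print(f"{name}: {chapter_percent(scores):.1f}%")
    print(f"overall: {overall_percent(HIPAA_SCORES):.1f}%")
    print("priority gaps:", priority_gaps(HIPAA_SCORES))
    controls = {}
    print("propagated from 4.1:", propagate("4.1", 3, LINKS, controls))
    print("propagated from SOC2:CC6.1:", propagate("SOC2:CC6.1", 4, LINKS, controls))
```

Propagation is deliberately limited to one hop so that a single score cannot cascade through chains of mappings across several frameworks. Linked controls are rarely exact equivalents, so a score that arrives by propagation is worth reviewing against the receiving framework's own wording before it is treated as evidence.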