
Compliance Score & Posture Trend

Your compliance score (0–100, graded A–F) is a single, weighted read on how your HIPAA program is doing right now. It's computed live across five dimensions:

  • Findings (30%) — the share of findings that are resolved, accepted, or marked false-positive vs. still open.
  • Policies & docs (20%) — coverage across the policy types, minus a penalty for any overdue for review.
  • Training (20%) — the share of active members with a completed training record in the last year.
  • Incident response (15%) — penalized for incidents left open too long.
  • Business associates (15%) — the share of active vendors/BAs with a signed BAA.

The posture trend

Once a day a snapshot of your score is recorded. Score History shows today's score immediately, plus a 90-day trend chart once a few days of snapshots have accrued. The trend is org-wide and continuous — distinct from the per-assessment score, which is recorded only when an assessment is completed.

Drift alerts

If your score drops by 5 or more points versus the previous snapshot, your org admins are notified (the alert names which dimensions regressed). This is the "3 controls slipped this quarter" early-warning — catch a regression before an auditor does. The alert respects the weekly-digest notification preference.

Gap analysis

Reports → Gap Analysis turns the score into a work list. Pick a target (default A / 90) and the report shows every program dimension and assessment category that's below it — worst gap first — with the points-to-target and a concrete next action for each ("resolve the open findings", "answer the 4 remaining Security questions and remediate the gaps", "get a BAA on file"). It's deterministic (no AI): program scores come from findings, policies, training, incidents, and BA coverage; category scores come from your assessment answers. When nothing is below target, it says so.

© 2026 OnlyHIPAA, Inc. All rights reserved.
