Your compliance score is a signal — not a grade. It shows how much of your HIPAA program is in place and where the gaps are. Here's how to read it and what to work on first.
How the score is calculated
Your overall compliance score is a percentage (0–100%) calculated as a weighted average of seven dimensions:
| Dimension | Weight | What it measures |
|---|---|---|
| Team Member Progress | 30% | Training completion, policy reviews, and team onboarding |
| Security Risk Assessment | 25% | Whether you have a current, completed risk assessment |
| Policy Adoption | 15% | How many required HIPAA policies are published |
| BAA Signing | 10% | Whether vendors with PHI access have signed BAAs |
| Inventory Mapping | 10% | Whether your data inventory is documented |
| Incident Response Activation | 5% | Whether your incident response plan is set up |
| Privacy Officer Assignment | 5% | Whether you've designated a Privacy Officer |

Two organizations with the same overall score can have very different profiles — one might excel at training but lag on vendor management, while another has perfect BAA coverage but hasn't started its risk assessment.
Your compliance score on the dashboard
The main dashboard shows your overall score as a percentage with a gauge meter, your compliance tier (e.g., "Mature", "Achieving"), and individual progress for each of the seven dimensions. You can refresh the score anytime to see your latest progress.
What to prioritize
Focus on the dimensions with the highest weight first:
- Team Member Progress (30%) — Make sure training is assigned and completed, policy reviews are acknowledged, and your full team is onboarded.
- Security Risk Assessment (25%) — Complete your annual risk assessment. This is the single biggest driver of your score.
- Policy Adoption (15%) — Publish your HIPAA policy library. Accountable provides templates — you just need to review and publish.
The remaining dimensions — BAAs, inventory, incident response, and Privacy Officer — are smaller individually but collectively account for 30% of your score and are among the first things an auditor will check.
Building a remediation plan
If your risk assessment or a security test surfaces findings that need work, you can build a formal remediation plan. See Remediation plans for how to create, assign, and track them.