12-Step Compliance Walkthrough

Detailed guides for every step in the OGC compliance portal. Follow each article in order to build a complete, audit-ready HIPAA program.

Full article content requires a portal account

All 12 Steps

  1. Step 1: Assign Privacy Officer

    Designate the person responsible for HIPAA compliance at your organization and configure them in the portal.

  2. Step 2: Security Risk Assessment

    Complete the Security Risk Assessment (SRA) in the portal — the foundational HIPAA requirement for every organization.

  3. Step 3: Gap Analysis

    Read your gap report, understand severity levels, and prioritize which vulnerabilities to address first.

  4. Step 4: Remediation Plans

    Create formal remediation plans for identified gaps, assign owners, set deadlines, and track progress.

  5. Step 5: Review Policies

    Browse the HIPAA policy library, understand CE vs. BA policy categories, and select the policies that apply to your organization.

  6. Step 6: Publish Policies

    Publish selected policies to your workforce, configure attestation requirements, and track acknowledgment completion.

  7. Step 7: User Invites and Training

    Invite employees to the portal and ensure they complete the three required training activities: policies, HIPAA 101, and cybersecurity.

  8. Step 8: Vendor Management

    Add vendors who handle PHI, execute Business Associate Agreements, track BAA status, and assess vendor risk scores.

  9. Step 9: Physical Site Audit

    Complete the physical safeguards audit for your facility — workstations, server rooms, visitor access, and device disposal.

  10. Step 10: IT Risk Questionnaire

    Complete the technical controls assessment covering your network, systems, access management, and security monitoring.

  11. Step 11: Data Device Audit

    Build and maintain your ePHI device inventory, classify devices by risk level, and document disposal and encryption status.

  12. Step 12: Incident Management

    Report, investigate, and document security incidents and breaches — including breach notification timelines and OCR reporting.

Ready to start?

Log in to your portal account to read each guide and track your compliance progress step by step.