External HIPAA Observable Control Scanner

HIPAA Risk Visibility
In Minutes, Not Months.

Scan externally observable HIPAA control signals. Get a deterministic score with evidence-backed findings. Runtime and administrative controls clearly marked when they require internal assessment.

Free External Scan How It Works Talk to Sales

No credit card required. Results in under 5 minutes.

25+

Observable Checks

Safeguard Categories

< 5min

Full Scan Time

$10K

Per Violation (Tier 3)

The HIPAA Problem

OCR fines hit $2.7B in 2025. Most hospitals don't know they're exposed until the audit letter arrives. By then it's too late.

⏱️

Consultants Are Slow

6-month assessments. $200K+ engagements. By the time you get the report, your environment has changed.

📋

Checklists Miss Reality

Spreadsheet audits don't scan your actual systems. They check policies, not implementations.

✓

Evidence Beats Claims

When OCR asks for proof, you need documented evidence with clear methodology — not just opinions.

How Archangel Works

Enter Domain

Point us at your patient portal, EHR login, or any web-facing healthcare system.

External Scan

25+ checks on externally observable controls. Technical safeguards verified from public signals.

Get Your Score

Deterministic scoring with findings mapped to HIPAA sections (§164.308, §164.310, §164.312).

Receipt Record

Every scan produces a chain-linked receipt with payload hash and integrity token.

What We Check

Real HIPAA sections. Observable controls verified externally. Runtime/admin controls marked UNKNOWN when internal assessment is required.

🔒

Technical Safeguards

§164.312

✓Transmission Security (HSTS)
✓Access Controls & Authentication
✓Audit Controls & Logging
✓Integrity Controls (CSP, X-Frame)
✓MFA Indicators
✓TLS Configuration

📋

Administrative Safeguards

§164.308

✓Notice of Privacy Practices
✓Business Associate Agreements
✓Security Awareness Training
✓HIPAA Documentation
?Risk Analysis(runtime)
?Incident Response(runtime)

🏥

Physical Safeguards

§164.310

✓Facility Access Controls
✓Workstation Security
✓Device & Media Controls
?Contingency Planning(runtime)
✓Asset Accountability
✓Data Backup Procedures

\u26A0\uFE0F Runtime controls cannot be verified from external scan. These require internal assessment and are marked UNKNOWN with violation_count: 0.

Transparent Scoring

No black boxes. The algorithm is documented. You know exactly how your score is calculated. Only externally observed findings affect the score.

Severity Weights

CRITICAL-25 points

HIGH-15 points

MEDIUM-8 points

LOW-2 points

Base score: 100. Observed findings subtract based on severity.

Grade Thresholds

A≥ 90

B≥ 75

C≥ 60

D≥ 40

F< 40

Simple Pricing

Start free. See results. Then decide.

Scan

Free

One-time external scan

✓External control scan
✓Observable control score (A-F)
✓Finding breakdown
✓Exposure estimate
✓Chain-linked receipt

Run Free Scan

Professional

$799/month

For hospitals

✓Daily automated scans
✓Up to 200 assets
✓Full report suite
✓Priority support
✓API access
✓Custom checks

Start Trial

Enterprise

Custom

For health systems

✓Unlimited assets
✓Continuous scanning
✓Custom integrations
✓Dedicated CSM
✓SLA guarantee
✓On-prem option

Contact Sales

Evidence-Backed Findings.

Every finding includes the evidence that triggered it. Scan results are chain-linked with integrity tokens for audit continuity.

Get Your Free External Scan

Note: This scanner evaluates externally observable technical controls only. It does not constitute a full HIPAA compliance certification. Administrative, physical, and organizational controls that require internal access are marked as "UNKNOWN" and should be assessed separately. Consult qualified compliance professionals for comprehensive HIPAA audits.

Patent Pending — FinalBoss Technology Inc.

HIPAA Risk VisibilityIn Minutes, Not Months.