The 42 questions will take the office about 30 minutes to answer. They are all based directly on the HIPAA rules as presented by the department of HHS. As soon as you finish you will get a score that shows you your level of risk. You can them follow up with PCIHIPAA or an IT vendor of your choice to address any deficiencies the assessment discovers.
The full report includes documented findings with suggested steps to mitigate any risks. Which is exactly what the rules require.