Having a complete HIPAA compliance program is important to your organization. Run through this HIPAA compliance checklist to see whether the foundation of your HIPAA compliance program is in place and easily retrievable.
HIPAA Policies and Procedures
- HIPAA privacy policies, procedures, and forms
- HIPAA security policies, procedures, and forms
- HIPAA Breach Notification policy and procedure
- Most recent Notice of Privacy Practices
- Privacy officer’s job responsibilities and contact information
- Security officer’s job responsibilities and contact information
HIPAA workflows and evidence of compliance
- Most recent HIPAA Risk Analysis
- Most current HIPAA risk mitigation/risk management documentation
- Business Associate agreements with list of Business Associates
- Workforce HIPAA training, periodic HIPAA updates, HIPAA training log
- Password policies by system
- Workstation security practices (anti-virus, password requirements, password expiration timeframes, workstation use, etc.)
HIPAA documentation specific to the organization
- List of all software systems containing Protected Health Information
- List of all hardware used in the organization (laptops, computers, servers, tablets, printers, etc.)
- List of all devices and systems that use encryption, including type of encryption
- List of security measures for secure data transmission (example: encrypted email)
- List of all users and their access to systems containing Protected Health Information (PHI)
- Contingency plan (disaster recovery plan)
- Facility security plan and office layout
This is not an all-inclusive list of what may be requested during a HIPAA audit. It is a list of recommended documentation that should be gathered and stored in a central location so that it can be produced quickly during a HIPAA audit. Checklist courtesy of Planet HIPAA.