These questions cover the components to make you are HIPAA-compliant. The list is intended to be used for self-evaluation.

​

Have you conducted the necessary audits and assessments according to National Institutes of Standards and Technology (NIST) Guidelines?

​

The audits in question involve security risk assessments, privacy assessments, and administrative assessments.

​

Have you identified all the deficiencies and issues discovered during the three audits?

​

There are several things to consider before doing the self-audit checklist. You need to ensure that all security, privacy, and administrative deficiencies and issues are appropriately addressed.

​

Have you created thorough remediation plans to address the deficiencies you have identified?

 

After covering the deficiencies and issues mentioned above, you need to provide remediation for each group.

​

Do you have policies and procedures in place that are relevant to the HIPAA Privacy Rule, the HIPAA Security Rule, and the HIPAA Breach Notification Rule?

​

You must be aware of these three critical aspects of a HIPAA compliance program and ensure each is adequately addressed.

​

• • Have you distributed the policies and procedures specified to all staff members?

    • Have all staff members read and attested to the HIPAA policies and procedures you have put in place?

    • Have you documented their attestation, so you can prove that you have distributed the rules?

    • Do you have documentation for annual reviews of your HIPAA policies and procedures?
       

  • Have all your staff members gone through basic HIPAA compliance training?

    • Have all staff members completed HIPAA training for employees?

    • Do you have documentation of their training?

    • Have you designated a staff member as the HIPAA Compliance, Privacy, or Security Officer as required by law?

  • Have you identified all business associates as defined under HIPAA rules?

    • Have you identified all associates who may receive, transmit, maintain, process, or have access to ePHI?

    • Do you have a Business Associate Agreement (Business Associate Contract) in place with each identify you have identified as a Business Associate?

    • Have you audited your Business Associates to make sure they are compliant with HIPAA rules?

    • Do you have written reports to prove your due diligence regarding your Business Associates?

  • Do you have a management system in place to handle security incidents or breaches?
     

    • Do you have systems in place to allow you to track and manage investigations of any incidents that impact the security of PHI?

    • Can you demonstrate that you have investigated each incident?

    • Can you provide reporting of all breaches and incidents, whether they are minor or meaningful?

    • Is there a system in place so staff members may anonymously report an incident if the need arises?
       

As you work your way through this checklist, remember to be thorough. You must be able to provide proper documentation of your audits, procedures, policies, training, and breaches.

 

Contact Us to help be HIPAA Compliant and avoid HIPAA Violation Fines! Our security experts can help you!
 

​