Sample HIPAA Compliance Checklist

HIPAA Compliance Checklist

 

This sample checklist provides a good idea of things to consider.

 

 

 

Y

N

Notes/Observations

1.

Is there PHI (protected   health information) in the regular trash bins?

 

 

 

2

Are shred containers or   other PHI disposal bins easily accessible by staff members?

 

 

 

3

Are shred containers   locked?

 

 

 

4

Are documents to be   shredded left in the open, including overnight?

 

 

 

5

Are documents containing   PHI (appointment schedules, lab orders, client invoices) visible to   unauthorized individuals, including the general public?

 

 

 

6

Are documents containing   PHI left in unattended areas?

 

 

 

7

Are client charts   maintained and stored in a secure area?

 

 

 

8

Are materials removed from   printers and fax machines in a timely manner? Are the machines checked at   night? Are unclaimed documents stored in a secure manner and location?

 

 

 

9

Do staff members verify fax   numbers before sending a fax?

 

 

 

10

Are staff members   restricted within electronic records to only have access to PHI for which they   are approved? (PIMSY lets you set any desired parameters via security   profiles.)

 

 

 

11

Have all staff and faculty   completed HIPAA training?

 

 

 

12

Do staff members ensure   that all conversations containing PHI are necessary and the minimum amount of   PHI possible is discussed?

 

 

 

13

Do staff members ensure   that all necessary conversations containing PHI are kept private and out of   earshot of unauthorized individuals?

 

 

 

14

Is there a process for   identifying and issuing clients who need to receive a Notice of Privacy   Practices (NPP) and for collecting and documenting the client’s signed   acknowledgement of receiving the NPP?

 

 

 

15

Do staff members log-off   computers before leaving workstations? PIMSY has auto-log off that can be set   to desired time-out specifications).

 

 

 

16

Are computer monitors and   printers located in secure areas, and are they positioned so that the public   can’t access or view PHI on them?

 

 

 

17

Do staff members protect   their hardware and/or software logins and make sure they are not accessible   at their workstations or by unauthorized individuals?

 

 

 

18

Do staff members make sure   they’re not sharing another employee’s login to hardware and/or software?

 

 

 

19

Can clients in the waiting   room overhear the registration process?

 

 

 

20

Do clients or the public   have access to any areas in the building where confidential information is   stored or accessible?

 

 

 

21

Do staff members know that   they should not access the health information of their co-workers, family or   friends?

 

 

 

22

Do staff members know what   to do if clients request amendments to their records/chart?

 

 

 

23

Do staff members know what   to do if clients request their records/chart?

 

 

 

24

Do staff members know who   to contact if they have questions about HIPAA and/or client privacy (ie,   Chief Compliance Officer and Privacy Director)?

 

 

 

25

Do staff members know where   they should refer questions regarding HIPAA and/or client privacy?

 

 

 

26

Are staff members making   sure they don’t use the preview pane when viewing emails?

 

 

 

27

Are checks and cash locked   up overnight?

 

 

 

28

Are computers and scanners   shut down completely at the end of the day?

 

 

 

29

Are   privacy/confidentiality/security signs posted for the custodial staff?

 

 

 

30

Are security doors (file   room, office) locked and operation?

 

 

 

 

 

Easy HIPAA compliance ideas to consider:

 

  • A fax cover page that goes out with all documents letting the recipient know that the information is confidential and needs to be handled under HIPAA privacy guidelines
  • “Remember to log off” stickers place at every workstation to remind staff members to restrict access to any confidential materials before leaving their desks.