HIPAA Compliance Checklist
This sample checklist provides a good idea of things to consider.
|
Y |
N |
Notes/Observations |
|
1. |
Is there PHI (protected health information) in the regular trash bins? | |||
2 |
Are shred containers or other PHI disposal bins easily accessible by staff members? | |||
3 |
Are shred containers locked? | |||
4 |
Are documents to be shredded left in the open, including overnight? | |||
5 |
Are documents containing PHI (appointment schedules, lab orders, client invoices) visible to unauthorized individuals, including the general public? | |||
6 |
Are documents containing PHI left in unattended areas? | |||
7 |
Are client charts maintained and stored in a secure area? | |||
8 |
Are materials removed from printers and fax machines in a timely manner? Are the machines checked at night? Are unclaimed documents stored in a secure manner and location? | |||
9 |
Do staff members verify fax numbers before sending a fax? | |||
10 |
Are staff members restricted within electronic records to only have access to PHI for which they are approved? (PIMSY lets you set any desired parameters via security profiles.) | |||
11 |
Have all staff and faculty completed HIPAA training? | |||
12 |
Do staff members ensure that all conversations containing PHI are necessary and the minimum amount of PHI possible is discussed? | |||
13 |
Do staff members ensure that all necessary conversations containing PHI are kept private and out of earshot of unauthorized individuals? | |||
14 |
Is there a process for identifying and issuing clients who need to receive a Notice of Privacy Practices (NPP) and for collecting and documenting the client’s signed acknowledgement of receiving the NPP? | |||
15 |
Do staff members log-off computers before leaving workstations? PIMSY has auto-log off that can be set to desired time-out specifications). | |||
16 |
Are computer monitors and printers located in secure areas, and are they positioned so that the public can’t access or view PHI on them? | |||
17 |
Do staff members protect their hardware and/or software logins and make sure they are not accessible at their workstations or by unauthorized individuals? | |||
18 |
Do staff members make sure they’re not sharing another employee’s login to hardware and/or software? | |||
19 |
Can clients in the waiting room overhear the registration process? | |||
20 |
Do clients or the public have access to any areas in the building where confidential information is stored or accessible? | |||
21 |
Do staff members know that they should not access the health information of their co-workers, family or friends? | |||
22 |
Do staff members know what to do if clients request amendments to their records/chart? | |||
23 |
Do staff members know what to do if clients request their records/chart? | |||
24 |
Do staff members know who to contact if they have questions about HIPAA and/or client privacy (ie, Chief Compliance Officer and Privacy Director)? | |||
25 |
Do staff members know where they should refer questions regarding HIPAA and/or client privacy? | |||
26 |
Are staff members making sure they don’t use the preview pane when viewing emails? | |||
27 |
Are checks and cash locked up overnight? | |||
28 |
Are computers and scanners shut down completely at the end of the day? | |||
29 |
Are privacy/confidentiality/security signs posted for the custodial staff? | |||
30 |
Are security doors (file room, office) locked and operation? |
Easy HIPAA compliance ideas to consider:
- A fax cover page that goes out with all documents letting the recipient know that the information is confidential and needs to be handled under HIPAA privacy guidelines
- “Remember to log off” stickers place at every workstation to remind staff members to restrict access to any confidential materials before leaving their desks.
Author(s)
Stuart J. Oberman, Esq.
Stuart J. Oberman is the founder and President of Oberman Law Firm. Mr. Oberman graduated from Urbana University and received his law degree from John Marshall Law School. Mr. Oberman has been practicing law for over 30 years, and before going into private practice, Mr. Oberman was in-house counsel for a Fortune 500 Company.
Read More =>