What Should I Include on a HIPAA Compliance Checklist?

T. L. Childree

A Health Insurance Portability and Accountability Act (HIPAA) compliance checklist should include items pertaining to several basic enforcement areas. These areas include access to information and records, response to incidents, and emergency operations and contingency plans. Software, hardware, and transmission security, as well as audit control should also be included on your HIPAA compliance checklist. In addition to compiling this checklist, you should also assign someone to act as a compliance officer to ensure that all employees are properly trained to comply with HIPAA rules.

Your HIPAA compliance checklist should clearly define which personnel are allowed access to information and records. It should also set policies for modifying access to this information. Procedures for responding to security incidents should be included on the list as well. All incidents and their outcomes should be reported and well documented in the event of an ongoing investigation or if security policies need to be modified to prevent future occurrences. Your HIPAA compliance checklist will also need to include some type of backup and recovery procedure to ensure that all necessary business operations will continue if a disaster of some type should occur. A method of testing this procedure will also be needed along with a plan for replacing any damaged equipment.

HIPAA is a set of laws put in place to protect a patient's medical information.

The installation of a security firewall for all computer equipment should be included on your HIPAA compliance checklist as well as installing a professional, up-to-date version of any operating system being used. Along with these security measures, you will need to make certain that all personal information is securely encrypted prior to being electronically transmitted. Your list should contain procedures for obtaining regular security updates for all forms of computer software, hardware, applications, and operating systems. Additionally, you will need to have some type of schedule for performing routine procedure audits to ensure that all computer and data control systems are in compliance with HIPAA regulations.

Under some circumstances, a person's spouse may be granted access to her medical information.

Once you have completed your HIPAA compliance checklist, you should assign someone the task of acting as the organization’s security analyst or HIPAA compliance officer. This person will be responsible for maintaining and enforcing compliance with all HIPAA rules and regulations. This officer will also be responsible for ensuring that all personnel are properly trained in your organization's HIPAA compliance policies and procedures. Everyone in the organization should receive complete training in matters such as awareness of HIPAA privacy regulations, safeguarding of passwords, and preventing unauthorized access to workstations. Training should also be provided concerning the protection of software from viruses and other malicious programs.

Discussion Comments

anon287145

Regarding HIPAA consent forms, etc., how often do these need to be updated in the patient charts?
