Basic HIPAA Checklist

Even though HIPAA regulation can seem rather complex, there are some HIPAA basics that can give you an idea of where to get started. We have provided a few key suggestions for you to use in developing your own basic HIPAA checklist.

There are various HIPAA definitions and HIPAA basics that can help your behavioral health practice start implementing an effective HIPAA compliance program. HIPAA compliance helps ensure that the sensitive health care information you deal with on a daily basis does not become exposed due to data breaches, cyber-security incidents, or improper disclosures caused by simple human error.

HIPAA and PHI Basics

HIPAA is a set of national regulatory standards meant to ensure the security and privacy of protected health information (PHI). PHI is any demographic information that can be used to identify a patient. HIPAA regulation identifies 18 distinct demographic indicators that are considered PHI, which include:

  1. Name
  2. Address (including subdivisions smaller than state such as street address, city, county, or zip code)
  3. Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate/license number
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voice prints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics, or codes

Understanding PHI is the key to understanding HIPAA. For that reason, everything your behavioral health business does to become HIPAA compliant should be geared toward maintaining the confidentiality, integrity, and availability of PHI.

Developing Your Own Basic HIPAA Checklist

Here are a few considerations for building your own basic HIPAA checklist as you develop your HIPAA compliance program:

  • Identify sources where PHI is maintained and implement the proper physical, technical, and administrative security safeguards.
  • Identify a member of your staff to serve as the Compliance Officer. The Compliance Officer should be the point person for all compliance efforts moving forward, and will help streamline the HIPAA compliance process.
  • Take an inventory of all devices that are used to access, store, or transmit PHI. Ensure that these devices are properly secured with anti-malware software, encryption, backup, and password protection. You can also begin to craft an asset and device policy to control the use of these devices to mitigate the risk of a PHI breach. Download the free HIPAA Risk Assessment tool provided by to help with this process. Conducting regular HIPAA assessments is a requirement for all covered entities.

Note that even if your practice implements all of these building blocks, these are only pieces of HIPAA compliance and will not render your business compliant. In order to properly maintain the privacy and security of PHI, a total HIPAA compliance program that addresses each of the HIPAA regulatory standards must be in place.
