HIPAA Compliance Checklist

HIPAA Compliance Checklist

HIPAA compliance checklistCompleting a HIPAA compliance checklist should be the first step when assessing whether or not your behavioral health practice is HIPAA compliant. A HIPAA compliance checklist lays out what is required under the Health Insurance Portability and Accountability Act (HIPAA), allowing practices to measure their business practices against the requirements mandated by HIPAA.

What Does a HIPAA Compliance Checklist Consist Of?

A HIPAA compliance checklist is a series of questions that ensure that you have covered the full extent of the HIPAA regulations. The following are questions that may be contained in a HIPAA checklist:

  • Have you completed the six required annual self-audits?
    • Security Risk Assessment
    • Security Standards Audit
    • Privacy Assessment
    • HITECH Subtitle D Audit
    • Asset and Device Audit
    • Physical Site Audit
  • Did your self-audits identify any gaps?
    • Did you document all gaps found?
  • Did you create remediation plans to close the identified gaps?
    • Are your remediation plans documented in writing?
    • Do you review and update your remediation plans annually?
    • Do you keep records of your remediation plans for six years?
  • Do you train all staff members annually?
    • Do you document your annual training?
    • Do you have a designated Compliance, Privacy, and Security Officer?
  • Do you have Policies and Procedures in line with HIPAA Privacy, Security, and Breach Notification Rules?
    • Have all staff members read and legally attested to your policies and procedures?
    • Are their legal attestations documented?
    • Do you review your policies and procedures annually and document your review?
  • Have you identified all of your business associates and vendors?
    • Do you have signed business associate agreements with all of your business associates?
    • Do you review your business associate agreements annually?
    • Have you sent vendor questionnaires to all of your vendors and business associates?
    • Do you have signed confidentiality agreements with your non-business associate vendors?
  • Do you have an incident response plan and a system for reporting breaches?
    • Can you track and manage incident investigations?
    • Do you have a process for reporting breaches or incidents?
    • Can your employees report breaches anonymously?

To download your free HIPAA compliance checklist click here!

Once you have completed the HIPAA compliance checklist, you should have a better understanding of where your behavioral health practice stands in terms of HIPAA compliance. A HIPAA compliance checklist is meant to provide basic guidelines that practices can use to determine where their business processes may be lacking. To get a full understanding of where your practice stands with HIPAA, it is best to consult an expert.

HIPAA Resources

Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!

HIPAA Webinars:

Cyber Security


Cyber Security: Top 5 Things You Can Do Tomorrow Morning to Protect Your Practice and Your Clients/Patients

Ransomware hackers attack smaller healthcare practices daily, creating serious data breaches and HIPAA violations. Are you and your clients/patients vulnerable, too?


Social Media and HIPAA Compliance


Social Media and HIPAA Compliance: Protecting Your Practice in the Digital Age

Managing social media use and HIPAA compliance can lead to some of the most common misunderstandings faced by healthcare providers. Improperly trained employees can expose your organization to HIPAA violations and costly fines!


Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.

Rate this post!

(4 raters, 20 scores, average: 5.00 out of 5)

Leave a Reply

Name and email are required. Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.