HIPAA compliance checklist

Completing a HIPAA compliance checklist should be the first step in assessing whether your behavioral health practice is HIPAA compliant. A HIPAA compliance checklist lays out what the Health Insurance Portability and Accountability Act (HIPAA) requires, allowing practices to measure their business practices against those requirements.

What Does a HIPAA Compliance Checklist Consist Of?

A HIPAA compliance checklist is a series of questions that confirm you have covered the full extent of the HIPAA regulations. The following are questions that may appear in a HIPAA checklist:

  • Have you completed the six required annual self-audits?
    • Security Risk Assessment
    • Security Standards Audit
    • Privacy Assessment
    • HITECH Subtitle D Audit
    • Asset and Device Audit
    • Physical Site Audit
  • Did your self-audits identify any gaps?
    • Did you document all gaps found?
  • Did you create remediation plans to close the identified gaps?
    • Are your remediation plans documented in writing?
    • Do you review and update your remediation plans annually?
    • Do you keep records of your remediation plans for six years?
  • Do you train all staff members annually?
    • Do you document your annual training?
  • Do you have a designated Compliance, Privacy, and Security Officer?
  • Do you have Policies and Procedures in line with HIPAA Privacy, Security, and Breach Notification Rules?
    • Have all staff members read and legally attested to your policies and procedures?
    • Are their legal attestations documented?
    • Do you review your policies and procedures annually and document your review?
  • Have you identified all of your business associates and vendors?
    • Do you have signed business associate agreements with all of your business associates?
    • Do you review your business associate agreements annually?
    • Have you sent vendor questionnaires to all of your vendors and business associates?
    • Do you have signed confidentiality agreements with your non-business associate vendors?
  • Do you have an incident response plan and a system for reporting breaches?
    • Can you track and manage incident investigations?
    • Do you have a process for reporting breaches or incidents?
    • Can your employees report breaches anonymously?


Once you have completed the HIPAA compliance checklist, you should have a better understanding of where your behavioral health practice stands on HIPAA compliance. A checklist provides basic guidelines that practices can use to find where their business processes fall short. For a full picture of where your practice stands with HIPAA, consult an expert.


Basic Telehealth Legal Issues: Rules, Regulations & Risk Management

Bring your telehealth practice into legal compliance. Get up to date on interjurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, duty to report, termination and much more!