HIPAA Checklist
| # | Question | Not Started | In Process | Completed |
|---|---|---|---|---|
| | **Awareness & Education** | | | |
| 1 | Has your organization had any Awareness Education on HIPAA Regulations and Compliance? | | | |
| 2 | Do you monitor or receive automated information regarding changes in HIPAA regulations? | | | |
| | **Project Planning** | | | |
| 3 | Have you selected a Project Manager and Project Team for your HIPAA Project? | | | |
| 4 | Have you created a Project Plan? | | | |
| | **Electronic Transactions** | | | |
| 5 | Have you applied for the ACSA Electronic Transaction extension for your organization? | | | |
| 6 | Have you completed an inventory of all information systems and work flow processes with regard to Electronic Transactions? | | | |
| 7 | Have you compiled a list of vendors, health plans, business associates and trading partners? | | | |
| 8 | Have you gathered, reviewed and compared your current billing forms, policies, and procedures to the HIPAA Electronic Claims Transaction and Code Set regulations? | | | |
| | **Privacy** | | | |
| 9 | Has your organization designated an Information Privacy and Security Officer as required by HIPAA? | | | |
| 10 | Have you developed a Notice of Information Practices to post in your office and distribute to each patient? | | | |
| 11 | Have you gathered, reviewed and compared your current forms, policies, and procedures to the HIPAA Privacy Regulations and State Privacy Regulations? | | | |
| 12 | Have you developed policies and procedures that meet the needs of your Human Resources Department with regard to Privacy requirements for the protection of health information of your staff? | | | |
| 13 | Have you developed processes for documenting, retaining, distributing and discarding Protected Health Information (PHI) as required by HIPAA? | | | |
| 14 | Have you developed processes for receiving, investigating and documenting individual complaints? | | | |
| 15 | Have you developed or revised current consent forms for patients in line with HIPAA regulations? | | | |
| 16 | Do you have all forms that must be read and signed by patients in languages appropriate to their culture? | | | |
| | **Security** | | | |
| 17 | Has your organization completed a Security Evaluation on the information systems used in conjunction with maintaining your current and future Protected Health Information? | | | |
| 18 | Does your organization have virus checking software, firewalls and operating systems that provide encryption and other security measures? | | | |
| 19 | Does your organization perform back-ups of your data daily? | | | |
| 20 | Does your organization have a Disaster Recovery and Contingency Plan to meet the HIPAA Security Standards? | | | |
| 21 | Has your organization developed security policies and procedures with regard to confidentiality statements, individually identifying information system users, passwords, automatic logoff, acceptable use, e-mail, internet usage, authentication of workstations, monitoring and documenting unauthorized access, audit trails of users, sanctions for misuse or disclosure and termination checklists? | | | |
| 22 | Has your organization provided for the overall physical security of your information systems, facility, staff, and medical records? | | | |
| 23 | Has your organization developed job descriptions for HIPAA required positions and all other positions in your organization? | | | |
| | **National Identifiers** | | | |
| 24 | Have you located, printed and read the Proposed Regulations for National Identifiers, including the National Provider Identifier, National Payer Identifier and National Employer Identifier? | | | |
| | **General Information** | | | |
| 25 | Have you developed a comprehensive training program for your organization's staff (both present and future) covering all HIPAA standards, including responsibilities and penalties for non-compliance? | | | |
| 26 | Does your organization have a Compliance Officer and General Compliance Plan to cover such things as fraud and abuse, codes of conduct, whistle-blower suits, auditing and monitoring, disciplinary standards and personnel issues, responding to problems, investigations and corrective actions? | | | |