HIPAA Compliance

HIPAA Compliance Checklist


Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.

Completing a HIPAA compliance checklist should be the first step when assessing whether or not your behavioral health practice is HIPAA compliant. A HIPAA compliance checklist lays out what is required under the Health Insurance Portability and Accountability Act (HIPAA), allowing practices to measure their business practices against the requirements mandated by HIPAA

What Does a HIPAA Compliance Checklist Consist Of?

A HIPAA compliance checklist is a series of questions that ensure that you have covered the full extent of the HIPAA regulations. The following are questions that may be contained in a HIPAA checklist:

  • Have you completed the six required annual self-audits?
  • Security Risk Assessment
  • Security Standards Audit
  • Privacy Assessment
  • HITECH Subtitle D Audit
  • Asset and Device Audit
  • Physical Site Audit
  • Did your self-audits identify any gaps?
  • Did you document all gaps found?
  • Did you create remediation plans to close the identified gaps?
  • Are your remediation plans documented in writing?
  • Do you review and update your remediation plans annually?
  • Do you keep records of your remediation plans for six years?
  • Do you train all staff members annually?
  • Do you document your annual training?
  • Do you have a designated Compliance, Privacy, and Security Officer?
  • Do you have Policies and Procedures in line with HIPAA Privacy, Security, and Breach Notification Rules?
  • Have all staff members read and legally attested to your policies and procedures?
  • Are their legal attestations documented?
  • Do you review your policies and procedures annually and document your review?
  • Have you identified all of your business associates and vendors?
  • Do you have signed business associate agreements with all of your business associates?
  • Do you review your business associate agreements annually?
  • Have you sent vendor questionnaires to all of your vendors and business associates?
  • Do you have signed confidentiality agreements with your non-business associate vendors?
  • Do you have an incident response plan and a system for reporting breaches?
  • Can you track and manage incident investigations?
  • Do you have a process for reporting breaches or incidents?
  • Can your employees report breaches anonymously?

To download your free HIPAA compliance checklist click here!

Once you have completed the HIPAA compliance checklist, you should have a better understanding of where your behavioral health practice stands in terms of HIPAA compliance. A HIPAA compliance checklist is meant to provide basic guidelines that practices can use to determine where their business processes may be lacking. To get a full understanding of where your practice stands with HIPAA, it is best to consult an expert.

Basic Telehealth Legal & Ethical Rules: HIPAA, Privacy, Working Across State Lines, Malpractice Insurance

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x