Track your HIPAA compliance

  • Designate the Privacy Officer for your practice
  • ________________________________________________________________________

  • Designate the Security Officer for your practice
  • ________________________________________________________________________

  • Complete the initial questionnaire on your current office status
  • ________________________________________________________________________

  • Have your first Risk Assessment performed
  • ________________________________________________________________________

  • Review the Risk Assessment and its findings
  • ________________________________________________________________________

  • Remediate all of the problems found in the Risk Assessment
  • ________________________________________________________________________

  • Create a hiring process for new employees – Onboarding
  • ________________________________________________________________________

  • Create a termination process for employees
  • ________________________________________________________________________

  • Review the status of Business Associate Agreements for your practice
  • ________________________________________________________________________

  • Send Business Associate Agreements to any vendors who are missing one
  • ________________________________________________________________________

  • Follow up on all outstanding Business Associate Agreements
  • ________________________________________________________________________

  • Ensure all employees have completed their online training
  • ________________________________________________________________________

  • Print all completed training certificates and put them into the HIPAA binder
  • ________________________________________________________________________

  • Review your backup and disaster recovery process
  • ________________________________________________________________________

  • Review any devices that require encryption – mobile devices, backup drives, etc.
  • ________________________________________________________________________

  • Review your breach response policy
  • ________________________________________________________________________

  • Follow up with staff training concerning phishing attacks