
Is your HIPAA Compliance Checklist ready?

HIPAA Compliance Checklist: The following items are identified by HHS OCR as elements of an effective compliance program. Check off each item as applicable to self-evaluate your practice or organization.

Have you conducted the following six annual audits / assessments? (The Security Risk Assessment is the one explicitly required by the HIPAA Security Rule, 45 CFR 164.308(a)(1)(ii)(A); the others cover the remaining areas an OCR auditor will ask about.)

  1. Security Risk Assessment

  2. Privacy Standards Audit (not required for Business Associates)

  3. HITECH Subtitle Privacy Audit

  4. Security Standards Audit

  5. Asset and Device Audit

  6. Physical Site Audit

Have you identified all gaps uncovered in the audits above?

  1. Have you documented all deficiencies?

Have you created remediation plans to address deficiencies found in all six audits?

  1. Are these remediation plans fully documented in writing?

  2. Do you update and review these remediation plans annually?

  3. Are the annual remediation plans retained in your records for six years?

Have all staff members undergone annual HIPAA training?

  1. Do you have documentation of their training?

  2. Is there a staff member designated as HIPAA Compliance, Privacy, and/or Security Officer?

Do you have Policies and Procedures addressing the HIPAA Privacy, Security, and Breach Notification Rules, and are they reviewed annually?

  1. Have all staff members read and legally attested to the Policies and Procedures?

  2. Do you have documentation of their legal attestation?

  3. Do you have documentation for annual review of your Policies and Procedures?

Have you identified all of your vendors and business associates?

  1. Do you have a Business Associate Agreement (BAA) in place with all Business Associates?

  2. Have you performed due diligence of your Business Associates to assess their HIPAA compliance?

  3. Are you tracking and reviewing your Business Associate Agreements annually?

  4. Do you have a Confidentiality Agreement with non-Business Associate vendors?

Do you have a defined process for incidents or breaches?

  1. Do you have the ability to track and manage the investigations of all incidents?

  2. Are you able to provide the required reporting of breaches and incidents, both small breaches (affecting fewer than 500 individuals, reported annually) and large ones (500 or more individuals, reported within 60 days)?

  3. Do your staff members have the ability to anonymously report an incident?

** AUDIT TIP - If audited, you must be able to provide auditors with all of the documentation above for the past six years.


To schedule your HIPAA consultation, contact the Rede Consulting Compliance Team today at INFO@REDE-CONSULTING.COM.

About Rede Consulting:

Rede Consulting Services creates digital transformation advantage for businesses using the ServiceNow Platform. We are a leading digital services and software company with local presence and global capabilities. Headquartered in Pune, India, Rede Consulting employs a team of highly experienced and certified ServiceNow experts. We are in the business of ServiceNow - Consulting | Implementation | Development | Integration | Configuration | Hyper Automation and Support services.

Feel free to get in touch: whether you are evaluating a ServiceNow solution or are an existing ServiceNow user and want to learn more, please get in touch with our experts or visit our business page to know more about us.

Note: This checklist is composed of general questions about the measures your organization should have in place to state that you are HIPAA compliant, and does not constitute legal advice. Successfully completing this checklist does not certify that you or your organization are HIPAA compliant.
