Can A HIPAA Checklist Make Compliance Easier? (Questions/Answers)

5 Crucial Questions Made The Top 20 HIPAA Checklist Questionnaire, Which Box Did You Not Check?

We’ve all used them. Crib notes, cheat sheets, or Cliff notes to bring us up to speed quickly on a topic or subject matter we have forgotten about, but need to refresh our memory. However, when it comes to HIPAA compliance and keeping up with all the regulations, it can be taxing and daunting to remember.

What we’ve done is recreate a portion of the HIPAA Compliance Questionnaire for you to review here or if time doesn’t permit you can download the full document with all 20 questions listed at the following link: The HIPAA Checklist

1. Have You Conducted the Following Audits/Assessments? (NIST Guidelines)

Special Publication 800-30, Chapter Three, under the Guide for Conducting Risk Assessments; NIST guidelines require that you must administer three types of Assessments:

• Administrative
• Privacy
• Security Risk

You must remember, there are four assessment steps, under the NIST guidelines you must follow:

• Step 1. Prepare For Assessment
• Step 2. Conduct Assessment
• Step 3. Communicate Assessment Results
• Step 4. Maintain Assessment

2. What Policies and Procedures Relevant to the HIPAA Privacy, Security, and Breach Notification Rules Do You Have In Place?

Staff members at every level are required to read and attest to your Policies and Procedures. Once they have done so, their attestation would be documented and kept on file. Which brings us to the question an auditor will ask, “do you have documentation of their current or recent review and endorsement?” If so, under an audit you might be asked to produce such files.

Along with documenting the staff’s attestation, there are annual reviews of those same Policies and Procedures. Do note: yearly recording of reports, of your Policies and Procedures, is also required under HIPAA compliance.

3. Have All Staff Members Undergone Basic HIPAA Training?

HIPAA training is not optional. It is mandatory for anyone, doctors, staff, vendors, and business associates who come in contact with protected health information (PHI). HIPAA requires your organization to provide training for:

• All employees – Full or part-time
• New workforce members – Staff recently hired
• Documentation of all staff’s training – New HIPAA training or refresher courses
• Periodic refresher training – Ongoing and continuous training

Bear in mind all regulations do get updated yearly. To stay current, and avoid falling behind, a best practice refresher training should be at least once a year. All staff, from doctors down to part-time employees or interns, must go through the training. Also, failure to comply with refresher training for all members, can and will result in HIPAA violations and stiff fines.

4. Have You Identified All Business Associates?

Another mandatory part of HIPAA compliance is identifying all business associates. You must have every Business Associate Agreement in place and signed by all Business Associates, and this too is not optional.

Two of the questions an auditor will ask you:

• Have you audited your Business Associates to guarantee they are HIPAA compliant?
• Do you have documented reporting to prove your due diligence?

Between the Privacy Rule for Protected Health Information (PHI) and the Security Rule for Electronic Protected Health Information (ePHI), it is a must to confirm all business associates went through an audit, provided signed business associate agreements, and are currently HIPAA compliant.

5. Do You Have a Management Process In Place In the Event of Incidents and Breaches?

Incidents and Breaches are a grave matter. They do happen, but a current practice has a management process in place in the event either of these occurs. To be prepared, there will be four possible questions an auditor will ask in case of an audit:

• What is your process to track and manage all incident investigations?
• Can you demonstrate how you investigated all incidents?
• What reporting can you provide for any incidents or breaches?
• Have you implemented an anonymous reporting process for all of your staff?

Where Can You Download The Full HIPAA Compliance Questionnaire?

The purpose of this article is to give you HIPAA tools that will be easy to use and keep you on the compliant side of HIPAA. You’ve just read only five of the twenty questions that are listed on the Checklist. To grab a copy of all 20 Questions, click on the link: The HIPAA Checklist

Like this article? Check out, Have You Heard Of Microsoft Whiteboard? And Protecting Your Organization For IoT Exploits (Research/Information) or Looking For The Best Phone Systems For Medical Practices In Marietta, GA? to learn more.