HIPAA Checklist

# Question Not

Awareness & Education
1 Has your organization had any Awareness Education on HIPAA Regulations and Compliance?
2 Do you monitor or receive automated information regarding changes in HIPAA regulations?

Project Planning
3 Have you selected a Project Manager and Project Team for your HIPAA Project?
4 Have you created a Project

Electronic Transactions
5 Have you applied for the ASCA Electronic Transaction extension for your organization?
6 Have you completed an inventory of all information systems and work flow processes with regard to Electronic Transactions?
7 Have you compiled a list of vendors, health plans, business associates and trading partners?
8 Have you gathered, reviewed and compared your current billing forms, policies, and procedures to the HIPAA Electronic Claims Transaction and Code Set regulations?

9 Has your organization designated an Information Privacy and Security Officer as required by HIPAA?
10 Have you developed a Notice of Information Practices to post in your office and distribute to each patient?
11 Have you gathered, reviewed and compared your current forms, policies, and procedures to the HIPAA Privacy Regulations and State Privacy Regulations?
12 Have you developed policies and procedures that meet the needs of your Human Resources Department with regard to Privacy requirements for the protection of health information of your staff?
13 Have you developed processes for documenting, retaining, distributing and discarding Protected Health Information (PHI) as required by HIPAA?
14 Have you developed processes for receiving, investigating and documenting individual complaints?
15 Have you developed or revised current consent forms for patients in line with HIPAA regulations?
16 Do you have all forms that must be read and signed by patients in languages appropriate to their

17 Has your organization completed a Security Evaluation on the information systems used in conjunction with maintaining your current and future Protected Health Information?
18 Does your organization have virus checking software, firewalls and operating systems that provide encryption and other security measures?
19 Does your organization perform back-ups of your data daily?
20 Does your organization have a Disaster Recovery and Contingency Plan to meet the HIPAA Security Standards?
21 Has your organization developed security policies and procedures with regard to confidentiality statements, individually identifying information system users, passwords, automatic logoff, acceptable use, e-mail, internet usage, authentication of workstations, monitoring and documenting unauthorized access, audit trails of users, sanctions for misuse or disclosure and termination checklists?
22 Has your organization provided for the overall physical security of your information systems, facility, staff, and medical records?
23 Has your organization developed job descriptions for HIPAA required positions and all other positions in your organization?

National Identifiers
24 Have you located, printed and read the Proposed Regulations for National Identifiers, including the National Provider Identifier, National Payer Identifier and National Employer Identifier?

General Information
25 Have you developed a comprehensive training program for your organization's staff (both present and future) covering all HIPAA standards, including responsibilities and penalties for non-compliance?
26 Does your organization have a Compliance Officer and General Compliance Plan to cover such things as fraud and abuse, codes of conduct, whistle-blower suits, auditing and monitoring, disciplinary standards and personnel issues, responding to problems, investigations and corrective actions?