An answer of 'FALSE' to any of these statements may indicate the need for change in office implementation and/or procedures to be in compliance with current HIPAA legislation.
1. Patients and non-staff individuals cannot gain access to computers, printers, PDAs, patient files, laboratory reports or fax machines. Computer screens are not viewable by patients.
True
False
2. The office does not include confidential patient information on a patient sign-in sheet.
True
False
3. The office has formal privacy and security procedures regarding access to confidential information, access to computer information, and access to areas of the office that may contain confidential information.
True
False
4. Each computer user has an individual computer password. The passwords are changed on a regular basis and passwords of terminated employees are deleted immediately.
True
False
5. When a person is no longer authorized to access information, they are required to return all keys, tokens, cards and other items that allow access to the office and to computer systems.
True
False
6. Formal privacy and security policies for all office personnel exist and training is provided for all office personnel and periodically refreshed. All training is documented.
True
False
7. A comprehensive survey of all computer systems, software and peripherals exists in the office. Versions, service releases, and updates are all recorded and current.
True
False
8. The office has a disaster plan to protect patient information, contingency plans in the event of computer systems failure, performs regular virus and system stability checks, and has procedures in place to correct identified problems.
True
False
9. Laptop computers, PDAs, and other portable devices are secure, and policies for removing them from the office, and for the information stored within them, are in place.
True
False
10. E-mail, telephone conversations, and all other Internet transmissions are secure and free from eavesdropping. An operational and secure firewall is in place to protect against unauthorized network intrusions.
True
False
For further information on HIPAA Privacy and Security compliance, or to comment on this preliminary audit, please feel free to contact AE Management Solutions, L.L.C. at your convenience. 801-254.6245.