A Health Insurance Portability and Accountability Act (HIPAA) compliance checklist should include items pertaining to several basic enforcement areas. These areas include access to information and records, response to incidents, and emergency operations and contingency plans. Software, hardware, and transmission security, as well as audit control should also be included on your HIPAA compliance checklist. In addition to compiling this checklist, you should also assign someone to act as a compliance officer to ensure that all employees are properly trained to comply with HIPAA rules.
Your HIPAA compliance checklist should clearly define which personnel are allowed access to information and records. It should also set policies for modifying access to this information. Procedures for responding to security incidents should be included on the list as well. All incidents and their outcomes should be reported and well documented in the event of an ongoing investigation or if security policies need to be modified to prevent future occurrences. Your HIPAA compliance checklist will also need to include some type of backup and recovery procedure to ensure that all necessary business operations will continue if a disaster of some type should occur. A method of testing this procedure will also be needed along with a plan for replacing any damaged equipment.
The installation of a security firewall for all computer equipment should be included on your HIPAA compliance checklist as well as installing a professional, up-to-date version of any operating system being used. Along with these security measures, you will need to make certain that all personal information is securely encrypted prior to being electronically transmitted. Your list should contain procedures for obtaining regular security updates for all forms of computer software, hardware, applications, and operating systems. Additionally, you will need to have some type of schedule for performing routine procedure audits to ensure that all computer and data control systems are in compliance with HIPAA regulations.
Once you have completed your HIPAA compliance checklist, you should assign someone the task of acting as the organization’s security analyst or HIPAA compliance officer. This person will be responsible for maintaining and enforcing compliance with all HIPAA rules and regulations. This officer will also be responsible for ensuring that all personnel are properly trained in your organization's HIPAA compliance policies and procedures. Everyone in the organization should receive complete training in matters such as awareness of HIPAA privacy regulations, safeguarding of passwords, and preventing unauthorized access to workstations. Training should also be provided concerning the protection of software from viruses and other malicious programs.