HIPAA Complaince Protection Checklist 2020

Checklist marked red with a red pen

Medical institutions are obliged to comply with the HIPAA rules and regulations that aim to protect a patient’s health information. However, even after imparting training to the employees and taking appropriate measures, cases of HIPAA violations surface every year. Read this checklist to make sure you are not missing or violating any HIPAA rules and regulations.

What is HIPAA?

The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of an individual’s health information” – called “protected health information” by organizations subject to the Privacy Rule – called “covered entities”, as well as standards for individual’s privacy rights to understand and control how their health information is used. In layman’s terms this rule protects the privacy of a patient’s personal and health information by ensuring the following three types of protective measures:

Technical Protections

Scramble

Encrypt any ePHI outside the firm’s firewalled hard-ware. (Must do)

Control Access

Assign each user a centrally-controlled unique username and PIN code. Establish emergency procedures to govern ePHI release or disclosure. (Must do)

Authenticate ePHI

Protect data from corruption and incorrect destruction. (Or alternative)

Become Scramble-Ready

All devices that access the system should be able to encrypt and decrypt messages. (Or alternative)

HIPAA Ready
HIPAA Ready
HIPAA Compliance Management Application

Reduce Administrative Burden

See all the information in a centralized space

Keep your team updated with regular information

Try Free Trial Now

Control Activity Audits

Log any access efforts and data manipulation. (Must do)

Enable Automatic Logoff

Log people out after a set time-frame. (Or alternative)

Physical Protections

Control facility access

Carefully track all individuals who have physical access to data storage, even cleaning staff. Take reasonable steps to block unauthorized entry. (Or alternative)

Manage Workstations

Write a policy to limit which workstations can access health data, guard screens from parties at a distance, and delineate proper workstation use. (Must do)

Protect Mobile

Remove data from devices before they are circulated to another user. (Must do)

Administrative Protections

Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronically protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.

  • Security management process
  • Assigned security responsibility
  • Workforce security
  • Information access management
  • Security awareness and training
  • Security incident procedures
  • Contingency plan
  • Evaluation
  • Business associate contracts and other arrangements.

Worried about your organization’s compliance risk in terms of protecting health data? At CloudApper, we have developed HIPAA Ready – an app that not only helps you to protect your organization’s data but also offers a modern, affordable, and effective way of safeguarding yourself from the next HIPAA Compliance audit.

cloudapper-no-code-platform-footer
Skip to content