Can A HIPAA Checklist Make Compliance Easier? (Questions/Answers)
Who can tell you if staff members have the freedom to report an incident anonymously? The Checklist can. Who knows if you are required to audit your business associates to guarantee they are currently HIPAA compliant? The Checklist knows. Who will remind you if a staff member must be designated as the HIPAA Compliance, Privacy, and/or Security Officer? The HIPAA Compliance Checklist will.
5 Crucial Questions Made The Top 20 HIPAA Checklist Questionnaire, Which Box Did You Not Check?
We’ve all used them. Crib notes, cheat sheets, or Cliff notes to bring us up to speed quickly on a topic or subject matter we have forgotten about, but need to refresh our memory. However, when it comes to HIPAA compliance and keeping up with all the regulations, it can be taxing and daunting to remember.
What we’ve done is recreate a portion of the HIPAA Compliance Questionnaire for you to review here or if time doesn’t permit you can download the full document with all 20 questions listed at the following link: The HIPAA Checklist
Have You Conducted the Following Audits/Assessments? (NIST Guidelines)
Special Publication 800-30, Chapter Three, under the Guide for Conducting Risk Assessments; NIST guidelines require that you must administer three types of Assessments:
You must remember, there are four assessment steps, under the NIST guidelines you must follow:
Step 1. Prepare For Assessment
Step 2. Conduct Assessment
Step 3. Communicate Assessment Results
Step 4. Maintain Assessment
What Policies and Procedures Relevant to the HIPAA Privacy, Security, and Breach Notification Rules Do You Have In Place?
Staff members at every level are required to read and attest to your Policies and Procedures. Once they have done so, their attestation would be documented and kept on file. Which brings us to the question an auditor will ask, “do you have documentation of their current or recent review and endorsement?” If so, under an audit you might be asked to produce such files.
Along with documenting the staff’s attestation, there are annual reviews of those same Policies and Procedures. Do note: yearly recording of reports, of your Policies and Procedures, is also required under HIPAA compliance.
Have All Staff Members Undergone Basic HIPAA Training?
HIPAA training is not optional. It is mandatory for anyone, doctors, staff, vendors, and business associates who come in contact with protected health information (PHI). HIPAA requires your organization to provide training for:
All employees – Full or part-time
New workforce members – Staff recently hired
Documentation of all staff’s training – New HIPAA training or refresher courses
Periodic refresher training – Ongoing and continuous training
Bear in mind all regulations do get updated yearly. To stay current, and avoid falling behind, a best practice refresher training should be at least once a year. All staff, from doctors down to part-time employees or interns, must go through the training. Also, failure to comply with refresher training for all members, can and will result in HIPAA violations and stiff fines.
Have You Identified All Business Associates?
Another mandatory part of HIPAA compliance is identifying all business associates. You must have every Business Associate Agreement in place and signed by all Business Associates, and this too is not optional.
Two of the questions an auditor will ask you:
Have you audited your Business Associates to guarantee they are HIPAA compliant?
Do you have documented reporting to prove your due diligence?
Between the Privacy Rule for Protected Health Information (PHI) and the Security Rule for Electronic Protected Health Information (ePHI), it is a must to confirm all business associates went through an audit, provided signed business associate agreements, and are currently HIPAA compliant.
Do You Have a Management Process In Place In the Event of Incidents and Breaches?
Incidents and Breaches are a grave matter. They do happen, but a current practice has a management process in place in the event either of these occurs. To be prepared, there will be four possible questions an auditor will ask in case of an audit:
What is your process to track and manage all incident investigations?
Can you demonstrate how you investigated all incidents?
What reporting can you provide for any incidents or breaches?
Have you implemented an anonymous reporting process for all of your staff?
Where Can You Download The Full HIPAA Compliance Questionnaire?
The purpose of this article is to give you HIPAA tools that will be easy to use and keep you on the compliant side of HIPAA. You’ve just read only five of the twenty questions that are listed on the Checklist. To grab a copy of all 20 Questions, click on the link: The HIPAA Checklist