HIPAA Self Assessment

Is a healthcare team HIPAA Compliant?

Read these six (6) questions.

If you answer YES to all of them, congratulations!

If you answer NO to any of them, consider upgrading with the tools at Clinic Nerds.


Does your healthcare team have a HIPAA Notebook?

If it is not documented, then it did not happen. The HIPAA Notebook holds all HIPAA-related documentation. It can be a physical three-ring binder or a digital document/folder on a computer.

Does your healthcare team have a designated HIPAA Specialist?

One person needs to go deep on understanding HIPAA. Every team needs one person who is the "specialist" or expert at HIPAA. A HIPAA Specialist can cover more than one healthcare team: if a medical practice has two (or more) locations in town, one HIPAA Specialist can cover all the locations. The main job of a HIPAA Specialist is to document a risk assessment.

Has somebody documented a Risk Assessment?

A good risk assessment documents all of the people, places and things (medical devices, computers) that hold Patient Data. The documented risk assessment goes in the HIPAA Notebook.

Has everybody taken a basic course on HIPAA?

Everybody should know the basics of HIPAA and be aware of it. Responsible healthcare organizations require annual recertification for their entire workforce.

Are there signed Business Associate Agreements (BAA)?

In the course of conducting business, it will be necessary to (legally) share Patient Data. If a business partner is not a 'Covered Entity' and Patient Data is being shared with them, then a signed BAA is required.

Are all of the computers using encryption?

The #1 reason for HIPAA fines is stolen computers that were not using encryption. If you want to take action today, start by enabling encryption on all computers that hold Patient Data.

This information is based on a study of all the HHS Resolution Agreements for HIPAA Violations. In other words, this self-assessment is based on what the HIPAA Police are prosecuting.

Notes:
  • 'Healthcare Team' could be a medical practice, hospital, pharmacy, insurer ...
  • 'Privacy Officer' and 'Security Official' are other names for 'HIPAA Specialist'
  • 'Patient Data' is another way of saying 'Protected Health Information' or PHI
  • Link to HHS Resolution Agreements
  • 'HIPAA Police' are HHS-OCR