The requirement for covered entities to conduct a HIPAA risk assessment was introduced in 2003 with the original HIPAA Privacy Rule.
Conducting periodic risk assessments is not only required by law, but will also help you avoid potential violations that can be incredibly costly.
"More recently, the majority of fines have been under the 'Willful Neglect' HIPAA violation category, where organizations knew – or should have known – they had a responsibility to safeguard their patients' personal information. Many of the largest fines – including the record $5.5 million fine issued against the Advocate Health Care Network – are attributable to organizations failing to identify where risks to the integrity of PHI existed." - HIPAA Journal, HIPAA Risk Assessment
A sudden data breach by skilled attackers becomes far more damaging if the subsequent investigation shows that it could have been avoided and was largely due to a failure to identify risks and put safeguards in place.
This checklist is designed to guide you through a comprehensive evaluation of your compliance with the HIPAA Privacy Rule, and to identify areas that need to be addressed to improve PHI security.
The template is split up into the following sections:
- Check-in procedures (patient identity verification, insurance etc.)
- Clinical areas (ensuring no PHI is visible/accessible)
- Medical records (staff access, physical security, patient authorization)
- General security (computer monitors, paper records)
- Personnel policies (employee training, documentation)
Once the checklist is complete, you will have an accurate understanding of how well your organization is protecting PHI. You will also identify areas that need to be addressed and set out clear action items to optimize security measures.
Let's get started!
A little info about Process Street
Process Street is superpowered checklists. By using our software to document your processes, you are instantly creating an actionable workflow in which tasks can be assigned to team members, automated, and monitored in real-time to ensure they are being executed as intended, each and every time.
The point is to minimize human error, increase accountability, and provide employees with all of the tools and information necessary to complete their tasks as effectively as possible.