SCALE Healthcare Leadership Conference on October 18, 2023 at 8:00 AM-6:00 PM. Click here to register

SCALE COMPLIANCE
HIPAA RISK ASSESSMENT

Welcome to SCALE Healthcare’s
FREE
HIPAA Compliance Risk Assessment

    The following areas have been identified by the HHS Office for Civil Rights as essential elements
    of an effective HIPAA compliance program.

    Use the checkboxes on the next page to self-evaluate HIPAA compliance in your practice or organization.


    REQUIRED ANNUAL AUDITS/ASSESSMENTS

    Have you conducted the following audits/assessments within the last 12 months?

    Cyber Security Risk Assessment (i.e., HiTECH)Privacy AssessmentAdministrative AssessmentPhysical Site Audit

    DOCUMENTING GAPS/REMEDIATION

    Have you documented all program gaps identified in the above audits/assessments?Have you created and documented work plan to address any deficiencies?Do you review and update these remediation plans quarterly and annually?How about reporting gaps to compliance committee and governing body?

    POLICIES AND PROCEDURES

    Do you have Policies and Procedures relevant to the annual HIPAA Privacy, Security, and Breach Notification Rules?Have all staff members read and legally attested to the Policies and Procedures?Do you have documentation of their legal attestation?Do you have documentation for annual reviews of your Policies and Procedures (i.e., disciplinary policies for non adherence)?

    STAFF TRAINING

    Does your staff understand how to support/reinforce a culture of compliance in accordance with your Policies and Procedures?Do you train all staff members on HIPAA rules and requirements annually and upon onboarding?Do you have documentation of their training (i.e., competency demonstration)?Have you designated a staff member as the HIPAA Compliance, Privacy, and/or Security Officer?Have you created a Compliance Committee which is adequately represented by various department leaders?

    WORKING WITH VENDORS AND SHARING PHI

    Do the vendors with whom you share PHI maintain a culture of compliance?Have you identified all vendors with whom you share PHI (Business Associates)?Are your Business Associate Agreements listed in an OCR audit ready format?Have you performed due diligence on your Business Associates to ensure HIPAA compliance?Do you annually review your Business Associate Agreements?Do you have confidentiality agreements with vendors who do not meet the standard of Business Associate (i.e., named insured on BAAs cyber policies)?

    REPORTING AND INVESTIGATIONS

    Do you have the ability to track and manage the investigations of all incidents?Have you created reports to prove due diligence?Do you have a process for reporting minor or meaningful breaches or incidents?Do you have an anonymous hotline for staff members to report an incident?Do you have policies/processes for breach notifications to HHS?

    Need help with your
    HIPAA Compliance Risk Assessment?

    Email us to set up a time to speak to one of our compliance and risk experts who will run through each aspect of the checklist with you and answer any questions you have.

    LISA MELAMED

    President, SCALE Compliance & Risk Management

    Log in

    If you are a community member

    Thanks for visiting!

    Put your email and we promise we won’t spam you. We have so much to show you.

    Join SCALE Community

    We are excited for you to share in the benefits of SCALE community’s healthcare focus materials. If you are not currently a member sign up now to get unlimited access to all our materials.