HIPAA Compliance Checklist for Business Associates

Modified on Wed, 14 Jun, 2023 at 12:12 PM

Documentation 

  1. Risk Assessments need to be completed annually. 
    1. All gaps have been remediated. 
  2. Review your policy and procedures every year for business or legal changes. 
    1. Document that all audit logs have been reviewed in the current year and gaps have been remediated. 

  3. Keep track of visitors to your physical site. 

  4. Keep track of storage devices (Hard Drives, USB Flash Drives) that have been properly destroyed. 

  5. Log all viruses and malware attacks to The Guard’s Incident Manager. 

  6. Confirm any new business associates have completed their technical audit and that you have a signed BAA. 


Security 

  1. Send quarterly security and procedure reminders to staff. 

  2. Log out when leaving your workstation, turn on the alarm when leaving the site, etc. 

  3. Update passwords to a minimum of eight (8) characters in length, using a special character and a capital letter. 

  4. Restrict sequential or repetitive characters, context-specific passwords, and commonly used passwords (e.g. 12345, aaaaaa, the name of the site, p@ssw0rd, and dictionary words).
    1. Make sure you are not sharing passwords.
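The password rules in items 3 and 4 can be enforced automatically at the point where a password is set. The checker below is an added example written for this article; it is not code from The Guard or from any HIPAA guidance. The `COMMON_PASSWORDS` and `DICTIONARY_WORDS` lists are short constructed stand-ins (a real deployment would load a breached-password list and a full word list), and the `context_terms` parameter is an assumed hook for site- or user-specific words such as the organization name.

```python
import re

# Constructed stand-in for a breached/common-password list (assumption: illustrative only).
COMMON_PASSWORDS = {"12345", "123456", "password", "p@ssw0rd", "aaaaaa", "qwerty", "letmein"}

# Constructed stand-in for a full dictionary word list (assumption: illustrative only).
DICTIONARY_WORDS = {"password", "welcome", "summer", "monkey", "dragon", "hospital"}

SPECIAL_CHARS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")


def has_sequential_run(password, run_length=3):
    """True if run_length+ adjacent characters step up or down by one (abc, 321)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run_length + 1):
        window = codes[i:i + run_length]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def has_repeated_run(password, run_length=3):
    """True if the same character appears run_length+ times in a row (aaa, 111)."""
    return re.search(r"(.)\1{%d,}" % (run_length - 1), password) is not None


def contains_context_term(password, context_terms):
    """True if a site-, organization- or user-specific term appears in the password."""
    lowered = password.lower()
    return any(term.lower() in lowered for term in context_terms if term)


def check_password(password, context_terms=()):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special character")
    if has_sequential_run(password):
        problems.append("contains a sequential run (e.g. abc, 123)")
    if has_repeated_run(password):
        problems.append("contains a repeated character run (e.g. aaa)")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    if contains_context_term(password, context_terms):
        problems.append("contains a site- or user-specific term")
    # Strip leading/trailing digits and symbols so "Welcome1!" is still caught as a word.
    core = password.lower().strip("".join(SPECIAL_CHARS) + "0123456789")
    if core in DICTIONARY_WORDS:
        problems.append("is a dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "Clinic" stands in for the site name.
    for candidate in ["12345", "aaaaaa", "P@ssw0rd", "Clinic2024!", "Welcome1!", "Tr0ub4dor&Gr8"]:
        result = check_password(candidate, context_terms=("Clinic",))
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
```

Run the checker wherever passwords are created or changed (an onboarding script, a self-service reset form, or a periodic audit of a password export), and record the rejection reasons rather than the passwords themselves.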

  5. Make sure you have encrypted email or a policy that no emails containing ePHI are to be sent. Restrict admin rights to any PHI software. 

  6. Make sure your staff understands that breaches occur. If a breach occurs, please report it to the Privacy or Security Officer for resolution. 


Training 

  1. Make sure all employees (new and existing) have completed their new-hire or yearly HIPAA training.
