A comprehensive checklist to help healthcare organizations achieve and maintain HIPAA compliance, covering administrative, physical, and technical safeguards.
## Administrative Safeguards

### Security Management Process
- Risk analysis
- Risk management
- Sanction policy
- Information system activity review
### Workforce Security
- Authorization and supervision
- Workforce clearance procedure
- Termination procedures
### Information Access Management
- Access authorization
- Access establishment
- Access modification
## Physical Safeguards

### Facility Access Controls
- Contingency operations
- Facility security plan
- Access control and validation
- Maintenance records
### Workstation Security
- Workstation use
- Workstation security
### Device and Media Controls
- Disposal
- Media re-use
- Accountability
- Data backup and storage
## Technical Safeguards

### Access Control
- Unique user identification
- Emergency access procedure
- Automatic logoff
- Encryption and decryption
### Audit Controls
- Activity logs
- Audit trails
- Security incident tracking
### Integrity
- Mechanism to authenticate ePHI
- Transmission security
## Organizational Requirements

### Business Associate Contracts
- Written agreements
- Security requirements
- Compliance monitoring
### Documentation
- Policies and procedures
- Documentation updates
- Retention requirements
If you're transitioning from SOC 2, see From SOC 2 to HIPAA: What to Expect. For automating compliance, read Building an AWS Audit Manager Solution in Under Two Days with Amazon Q. For vendor risk, see Third-Party Risk Management: Best Practices.
## Need Help with HIPAA Compliance?
Our team can help you:
- Conduct risk assessments
- Implement safeguards
- Develop policies and procedures
- Train your staff