HIPAA Assessment

"*" indicates required fields

Contact Person*
Do you have documentation of staff annual HIPAA training?*
Training of new hires before granting computer access to information?*
Does your team understand what the “minimum necessary” Protected Health Information (PHI) is to carry out their job functions?*
Is that delineated, or at least addressed, in their job description?*
Have your privacy AND security policies been updated to include provisions of the HITECH Act and the Final Omnibus Rule?*
Have you updated your HIPAA Business Associate Agreements to include the HITECH Act provisions?*
Are your Business Associates and their subcontractors aware of their legal resonsibility under the law?*
Did you update your Notice of Privacy Practices to include the 2013 Final Omnibus changes?*
Was it re-distributed to your patients? The guidelines require that you do so when there are substantive changes.*
Do you conduct the required Security & Risk Assessments to identity potential risks and vulnerabilities to PHI on an annual basis or more frequently if there are changes?*
Do you have the required written risk management, incident response and contingency plans? Do you have documentation that those plans have been updated annually or more frequently as needed?*
Do you validate media destruction or sanitization when destroying PHI such as old hard drives, flash drives, memory on copy machines or paper records, etc.?*
Have you appointed a Security Officer as well as a Privacy Officer and have job descriptions for both?*
Do you email PHI to patients or referring dentists/physicians?*
Are those emails encrypted or do you have patient permission to send PHI in an unencrypted format?*
Would you like someone from our office to call regarding your assessment?*
Would you like to subscribe to our e-newsletter?*
This field is for validation purposes and should be left unchanged.