A critical part of achieving HIPAA compliance is completing a security risk assessment at least once yearly. Not only is it a good idea, but also because it’s a requirement of the HIPAA law.
A HIPAA compliance audit checklist can help you work through the security risk assessment process and reveal potential gaps. Here are some things you must include if you’re building a HIPAA audit checklist.
HIPAA Audit Checklist Privacy Rule Standards
On the surface, the HIPAA Privacy Rule seems straightforward:
- It defines the patient data that constitutes protected health information (PHI)
- It defines the appropriate use or disclosure of PHI
- It gives patients the right of access to their PHI
The law defines up to 14 standards that organizations must comply with if they are subject to the HIPAA Privacy Rule. The standards differ depending on the organization and how they use patient PHI.
A dental office and a document storage company might have different standards to meet. But the terms of a business associate agreement between the two might add additional standards that must be met.