Check List For HIPAA Compliance

 Written Forms and Documents

 ___   Privacy Practices Notice, required for all covered entities

___  Authorization Form

___  Business Associate Contracts

___  Consent (here you're following your state and ethical rules, not HIPAA)

___  Policy and Procedure Document


Check List of elements to be addressed in Policy and Procedure Document:

__ Privacy officer or contact

__ Training programs

__ Sanction process

__ Safeguard and Security systems (including physical protection of records/computers)

__ Security Regulation (electronic transactions)

__ Complaint process (written policy/procedure required)

__ Minimum Necessary Guidelines

__ Plan to maintain Policy and Procedure document for 6 years

__ Policy to guide oral communication/documentation

__ Policy if you make changes in privacy practices

__ Account for Privacy Practices Notice

__ Procedures for contracting with Business Associates and monitoring those relationships

__ Policy/procedural documentation for each of these patient “rights”

The right to:

1)     Restrict use/disclosure

2)     Receive confidential communications

3)     Access, inspect and copy record

4)     Amend or correct the clinical record

5)     Receive an accounting of disclosures

6)     Receive a written privacy Practices Notice


__ Clinical Record Protocol, see suggested guide line to separate “psychotherapy notes” from “medical record”