Assessment, remediation planning, document generation, and implementation roadmap - everything you need for HIPAA compliance.
Do you have a designated Privacy Officer and Security Officer?
Have you conducted a comprehensive risk assessment in the last 12 months?
Do you have written policies and procedures for HIPAA compliance?
Do you provide annual HIPAA training to all workforce members?
Do you have a sanction policy for HIPAA violations?
Do you have Business Associate Agreements with all vendors who handle PHI?
Do you have facility access controls (badge systems, locks, etc.)?
Are workstations positioned to prevent unauthorized viewing of PHI?
Do you have secure disposal procedures for PHI (shredding, wiping)?
Are all devices containing PHI encrypted or physically secured?
Do you require unique user IDs for all systems accessing PHI?
Is multi-factor authentication (MFA) enabled for all PHI access?
Do you encrypt PHI both at rest and in transit?
Do you maintain audit logs of all PHI access and modifications?
Do you have automatic logoff after periods of inactivity?
Do you have intrusion detection and prevention systems in place?
Do you have a documented breach notification procedure?
Can you identify and respond to a breach within 60 days?
Do you have an incident response team and plan?
Please answer all questions to see your results