Get safely back to business with our COVID-19 specific resources

HIPAA Compliance Checklists

Digital HIPAA risk assessments to address evolving information security risks and stay compliant with HIPAA provisions.

Get everyone on the same paperless page.
Rated 4.6/5 stars on Capterra from 76 ratings
Available on iOS, Android and Web
Get started for FREE

Published March 26th, 2020

What is a HIPAA Compliance Checklist?

A HIPAA compliance checklist is a tool that helps institutions and their associates who handle Protected Health Information (PHI) stay compliant with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a US law that requires the careful handling of PHI or individually identifiable health information. Violation of HIPAA can lead to costly fines and legal action.

This article will briefly discuss (1) the biggest causes of HIPAA breach, (2) useful tips that can help your organization stay compliant with HIPAA, and (3) technology that can help Privacy Compliance Officers and Information Security Officers assess their organizations’ HIPAA compliance.

Biggest Causes of HIPAA Breach

HIPAA breaches can happen due to a number of reasons:

  • Unintentional error – instances wherein medical practitioners disclose medical conditions and sensitive patient information to the wrong person or situations where unsecured medical documents can be easily accessed by unauthorized persons.
  • Cyberattacks – cases of hacking, ransomware, or malware can compromise information security and expose massive sensitive data containing individually identifiable health information leading to millions of dollars in settlement.
  • Lost/stolen device – lost or stolen laptops, USB, or handheld devices can lead to unauthorized access to electronic Protected Health Information (ePHI). Devices with the proper encryption of PHI can help avoid HIPAA breaches.
  • Unauthorized disclosure/access – exposing PHI to inappropriate avenues or not correcting unauthorized access to PHI can be costly if not addressed appropriately.
    Vulnerabilities and new threats to the security of PHI can be addressed to stay HIPAA compliant.

Tips to Stay HIPAA Compliant

Help avoid HIPAA violations with these tips:

  1. Start with HR – recruit the right staff, conduct background checks, and provide the proper training on handling patient information. Keep staff updated about new risks to information security.
  2. Evaluate the compliance of staff and partners – check the practices of staff and vendors handling PHI. Reinforce HIPAA compliant practices by conducting audits (per HIPAA) and observe staff while on the job. Ask vendors for evidence of HIPAA compliance.
  3. Access controls – establish physical safeguards for access to information and implement encryption of PHI to mitigate the risk of an information breach. Make sure that IT is always updated about threats and the systems in place are prepared for cyberattacks.
  4. Conduct Security Risk Assessments – institutions and staff are constantly exposed to new threats to information security. Conducting regular security risk assessments can help identify and immediately mitigate new and evolving risks to prevent costly HIPAA breaches from taking place.

Technology to Help Streamline HIPAA Compliance and Reporting

Staying compliant with HIPAA in the face of new and changing information security risks can be daunting. Conducting risk assessments and addressing time-sensitive gaps can be challenging and time-consuming if the organization is heavily dependent on paper-based documentation. The more time spent on the documentation of risks, the longer PHI is exposed to risks.

iAuditor, the world’s most powerful mobile auditing app, can help Privacy Compliance Officers and Information Security Officers proactively assess risks and maintain PHI security. Conduct regular audits using the iAuditor app to document gaps and immediately correct issues. Observe trends of non-compliance in order to custom-fit training for staff and reinforce best practices. Spend less time on documentation and allot more energy and resources on addressing risks to avoid costly penalties.

To save you time, we have prepared these digital HIPAA compliance checklists that you can download and customize – no programming skills required!


Erick Brent Francisco

SafetyCulture staff writer

As a staff writer for SafetyCulture, Erick is interested in learning and sharing how technology can improve work processes and workplace safety. Prior to SafetyCulture, Erick worked in logistics, banking and financial services, and retail.