HIPAA Survival Risk Assessment Questionnaire

Have all Employees been trained, with a Proof-of-Training Certificate on file for the new HIPAA Omnibus Rules from 2013?

Have all Employees signed a HIPAA Omnibus Rule Confidentiality Agreement that outlines how they should be handling patient Protected Health Information (PHI) while at work and when away from work?

Does your office have a new HIPAA Manual written to the new Omnibus Rule Standards of 2013?

Does your office have a written document listing your HIPAA Officers to include:

• HIPAA Privacy Officer
• HIPAA Compliance Committee Members

Is your Daily Data Back-Up Off-site or On site?

Is your Daily Data Back-Up Encrypted?

Do you process Credit Cards for payment?

Does your IT Support Team run necessary periodic tests to insure your internet and computers are up to current HIPAA Standards for security and safety?

Do you collect Patient Information over internet:  Via your Website, on Facebook or other social media outlets?

Does your office have written policies that describe (in detail):

• Daily Data Back Up Protection Policy
• Emergency / Contingency Plan for protecting and recouping Patient Information
• Out-Going Email Protection Policy?

Does your office have Out-Going Email Encryption Software Patch in place?

Does your office have a HIPAA Compliance Statement that you attach to all outgoing emails and faxes?

Do you have all of the following in place to the new HIPAA Omnibus Rule Standards:

• Employee Training & Confidentiality Agreements Signed and on file
• New Patient HIPAA Acknowledgement forms in use to HIPAA Omnibus Rule Standard
• New Business Associate Agreements in use to HIPAA Omnibus Rule Standard
• All HIPAA Omnibus Rule Facility Protocols updated and in place
• All HIPAA Omnibus Rule Written Policies, written in detail, updated and in place

Are you still running Microsoft XP in your office as the main software?

How Many Employees do you currently have on staff?