Name of University Privacy Officer (if different from above)
HIPAA Audit Checklist
1. Results of audits and/or gap analysis performed
2. Topics of issues raised in regular consultation with the Office of General Counsel
3. Results of annual review and report on privacy and security safeguards by the appropriate Computer Services personnel
4. Compliance efforts for this reporting period
a. Revision to policies, procedures, and practices required by HIPAA privacy regulations, or changes in practices:
b. Actions taken to ensure that there are no prohibited uses or disclosures of Protected Health Information (PHI) to non-designated Health Care Component workforces, or outside entities (as noted in Section 7. f. below)
c. Complaints received and their resolution, if any (clarify between those that are open vs. closed)
d. Employee violations (specify level) and their resolution. Include sanctions, if any, and actions taken to reduce or eliminate likelihood violations will be repeated
5. List and explain outreach and training efforts to increase awareness and compliance:
6. Describe plans for future improvements in enforcement and compliance efforts:
7. Attach one copy of each of the following documents to your Annual HIPAA Report:
a. Notice of Privacy Practices.
b. Policies and Procedures developed or updated for HIPAA compliance
c. Copies of updated templates, forms and documents used in compliance with HIPAA
d. Attestation of training for the HIPAA workforce:
e. List of departments and personnel outside your Health Care Component that performs functions for your Health Care Component
f. List of current Business Associates, include a copy of the Business Agreement
I declare that the information I am submitting in this HIPAA Report is true and accurate to the best of my knowledge and belief.
Please note that this checklist template is a hypothetical appuses-hero example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek your professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.