International Center for Chiropractic Office Management

"ICCOM, A Leader in Chiropractic Office Management and Compliance Training"

www.ICCOM.org 


The HIPAA Privacy Checklist

Federal HIPAA privacy regulations mandate that all covered entities MUST:

  • Designate a privacy official responsible for developing/implementing HIPAA policies and procedures;
  • Document policies and procedures with respect to PHI showing compliance with the HIPAA privacy regulations;
  • Make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary to accomplish the intended purpose of the use or disclosure;
  • Provide a process for access to the individual’s health information;
  • Develop a system for tracking disclosures of PHI, with some exceptions for payment, treatment, or health care operations related disclosures;
  • Provide a process for individuals to amend their health records when appropriate;
  • Develop business associate contracts/agreements that ensure business associates can comply with HIPAA;
  • Mitigate, to the extent possible, any harmful effect that is known to the entity from the use or disclosure of private health information in violation of the entity’s policies and procedures;
  • Develop procedures for verification of the person requesting PHI and the authority of that person to have access;
  • Provide a process for individuals to request alternative means of communication, place restrictions on the use of their health information, and make complaints concerning the covered entity’s policies and procedures or compliance with such policies and procedures;
  • Refrain from requiring individuals to waive the right to make a complaint to the covered entity or to the U.S. Department of Health and Human Services (DHHS) Office for Civil Rights as a condition of receiving treatment;
  • Refrain from intimidating or retaliatory acts toward individuals exercising their rights granted under HIPAA privacy;
  • Have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI;
  • Provide training for workforce members on the policies and procedures to protect health information;
  • Apply appropriate safeguards against staff who fail to comply with the policies and procedures of the entity; and
  • Develop and disseminate a privacy notice.