DO YOU HAVE A NAMED AND ADEQUATELY TRAINED SECURITY & PRIVACYOR COMPLIANCE OFFICER?

Does your staff know who they are and when/how to contact them?

HAS YOUR COMPLIANCE OFFICER CONDUCTED YOUR REQUIRED SECURITY RISK ASSESSMENT FOR THIS YEAR?

Have they documented your required risk mitigation plan this year to identify any security/privacy gaps and completed a remediation plan to resolve them?
Has your Compliance Officer been periodically updating and maintaining the required documentation for your risk management/remediation plan?

HAS YOUR COMPLIANCE OFFICER WRITTEN/UPDATED YOUR REQUIRED HIPAA POLICIES AND PROCEDURES MANUAL THIS YEAR?

Has every staff member attested to having read and understood this manual?
Did you conduct a test of your documented procedures for your Contingency Plan this year?
Have you had a breach in the past year?
If you had a breach, did you report it following your documented HIPAA procedures?

HAS YOUR COMPLIANCE OFFICER TRAINED YOUR NEW STAFF ON HIPAA PROTOCOL WITHIN YOUR POLICY'S DEFINED TIME PERIOD AFTER HIRING?

Has your Compliance Officer trained your entire staff of owners, managers,admin, and employee-based providers this year?
Has your Compliance Officer, or anyone else, trained your contract providers on HIPAA?
Do you have documented proof of everyone's completed training?

Do your Business Associates have a signed BAA agreement?

Did you review/update the BAA this year to see if it contains the current required HIPAA content?
Did you re-verify this year that each Business Associate is HIPAA-compliant?