HIPAA Risk Assessment

HIPAA and HITECH

Name of Practice
Contact Person (First, Last)
Phone
Email

Do you have documentation of staff annual HIPAA training?
Yes / No / Don't Know

Training of new hires before granting computer access to information?
Yes / No / Don't Know

Does your team understand what the “minimum necessary” Protected Health Information (PHI) is to carry out their job functions?
Yes / No / Don't Know

Is that delineated, or at least addressed, in their job description?
Yes / No / Don't Know

Have your privacy AND security policies been updated to include provisions of the HITECH Act and the Final Omnibus Rule?
Yes / No / Don't Know

Have you updated your HIPAA Business Associate Agreements to include the HITECH Act provisions?
Yes / No / Don't Know

Are your Business Associates and their subcontractors aware of their legal responsibility under the law?
Yes / No / Don't Know

Did you update your Notice of Privacy Practices to include the 2013 Final Omnibus changes?
Yes / No / Don't Know

Was it re-distributed to your patients? The guidelines require that you do so when there are substantive changes.
Yes / No / Don't Know

Do you conduct the required Security & Risk Assessments to identify potential risks and vulnerabilities to PHI on an annual basis or more frequently if there are changes?
Yes / No / Don't Know

Do you have the required written risk management, incident response and contingency plans? Do you have documentation that those plans have been updated annually or more frequently as needed?
Yes / No / Don't Know

Do you validate media destruction or sanitization when destroying PHI such as old hard drives, flash drives, memory on copy machines or paper records, etc.?
Yes / No / Don't Know

Have you appointed a Security Officer as well as a Privacy Officer and have job descriptions for both?
Yes / No / Don't Know

Do you email PHI to patients or referring dentists/physicians?
Yes / No / Don't Know

Are those emails encrypted or do you have patient permission to send PHI in an unencrypted format?
Yes / No / Don't Know

Would you like someone from our office to call regarding your assessment?
Yes / No