420 Bannister Rd #400 Kansas City, MO 64131
(816) 381-9967

HIPAA Compliance IT Checklist

HIPAA compliance is a set of standards for handling sensitive information about a patient's health, known as Protected Health Information (PHI). Enforcement of these regulations has become more rigid as medical offices have transitioned from paper health records to a digital environment.

If you are concerned about your office's methods for gathering, storing, and accessing PHI, the following checklist is a good place to start.

  • Passwords are required to change every 90 days
  • Automatic screen lock is enabled on all devices
  • Firewall is configured to log and alert on malicious activity
  • Backups are completed daily and replicated offsite
  • Computer drives are encrypted (full-disk encryption)
  • Email encryption capability is in place for messages containing PHI
  • Anti-virus is installed on every device
  • Endpoint detection and response is installed on every device
  • Employees receive annual HIPAA training
  • Employee logins are recorded (audit logging of successful and failed authentication)
  • A contingency plan exists in case of disasters
  • Business associate agreements are in place with vendors
  • Physical security is sufficient
  • Network and server equipment are stored in a locked, secure room
  • Locations storing PHI are equipped with an alarm system that is set during non-business hours
  • All security incidents, including breaches, are logged
  • Confidentiality agreements are in place with vendors who have access to rooms containing PHI
  • A secure, encrypted VPN is available for employees working remotely
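As an added example, not part of the original checklist or any tooling from Kansas City Managed IT, the following PowerShell script performs a read-only audit of the technical items above that can be verified on a single Windows workstation: password maximum age, automatic screen lock, firewall logging, full-disk encryption, anti-virus status, and logon audit logging. The function name, the 90-day password age, the 15-minute idle limit and the 3-day signature age are assumptions chosen for illustration; HIPAA itself does not prescribe those values. Organizational items (training, agreements, physical security, offsite backups) cannot be checked from the endpoint and are left out.

```powershell
# Added example audit script; not from the original page. Assumes Windows 10/11
# (Pro or Enterprise for BitLocker) and an elevated PowerShell 5.1+ session.
# Thresholds below are assumptions based on the checklist, not HIPAA-mandated values.
$MaxPasswordAgeDays = 90
$MaxIdleSeconds     = 15 * 60
$MaxSignatureAgeDays = 3

function Invoke-HipaaEndpointAudit {
    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Check([string]$Item, [bool]$Pass, [string]$Detail) {
        $results.Add([pscustomobject]@{ Item = $Item; Pass = $Pass; Detail = $Detail })
    }

    # 1. Password rotation: 'net accounts' reports the effective local policy.
    #    'Unlimited' leaves no digits, which casts to 0 and fails the check.
    $line    = (net accounts) | Where-Object { $_ -match 'Maximum password age' }
    $maxAge  = [int](($line -split ':', 2)[1] -replace '[^0-9]', '')
    $ageText = if ($maxAge) { "$maxAge days" } else { 'Unlimited' }
    Add-Check 'Passwords expire every 90 days' ($maxAge -gt 0 -and $maxAge -le $MaxPasswordAgeDays) "Maximum password age: $ageText"

    # 2. Automatic screen lock: prefer the machine-wide inactivity limit policy,
    #    fall back to the current user's screen saver if it is set to require logon.
    $sys  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    $usr  = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
    $idle = [int]$sys.InactivityTimeoutSecs
    if (-not $idle -and [int]$usr.ScreenSaverIsSecure -eq 1) { $idle = [int]$usr.ScreenSaveTimeOut }
    Add-Check 'Automatic screen lock' ($idle -gt 0 -and $idle -le $MaxIdleSeconds) "Lock after $idle seconds of inactivity"

    # 3. Firewall: every profile enabled and logging blocked connections,
    #    which is what a SIEM or alerting tool consumes.
    $profiles = Get-NetFirewallProfile
    $bad = @($profiles | Where-Object { "$($_.Enabled)" -ne 'True' -or "$($_.LogBlocked)" -ne 'True' })
    $summary = ($profiles | ForEach-Object { "$($_.Name)=$($_.Enabled)/log=$($_.LogBlocked)" }) -join '; '
    Add-Check 'Firewall enabled and logging on all profiles' ($bad.Count -eq 0) $summary

    # 4. Full-disk encryption on the system drive (BitLocker).
    try {
        $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $encrypted = ($bl.ProtectionStatus -eq 'On' -and $bl.VolumeStatus -eq 'FullyEncrypted')
        Add-Check 'System drive encrypted' $encrypted "$($env:SystemDrive) $($bl.VolumeStatus), protection $($bl.ProtectionStatus)"
    } catch {
        Add-Check 'System drive encrypted' $false "BitLocker not available: $($_.Exception.Message)"
    }

    # 5. Anti-virus: Microsoft Defender status. Third-party products are not queried here.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $avOk = ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and $mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
        Add-Check 'Anti-virus active with current signatures' $avOk "Real-time protection: $($mp.RealTimeProtectionEnabled); signatures $($mp.AntivirusSignatureAge) day(s) old"
    } catch {
        Add-Check 'Anti-virus active with current signatures' $false "Defender status unavailable: $($_.Exception.Message)"
    }

    # 6. Employee login recording: the Logon subcategory must audit success and failure
    #    so that Security log events exist for every authentication attempt.
    $logon   = auditpol /get /subcategory:Logon /r | Where-Object { $_ -match ',' } | ConvertFrom-Csv
    $setting = ($logon | Select-Object -First 1).'Inclusion Setting'
    Add-Check 'Logon events audited (success and failure)' ($setting -eq 'Success and Failure') "Audit Logon: $setting"

    return $results
}

Invoke-HipaaEndpointAudit | Format-Table Item, Pass, Detail -AutoSize
```

Run it from an elevated prompt; `auditpol` and `Get-BitLockerVolume` fail without administrator rights, and those checks then report as failed with the error text rather than silently passing. The screen lock check reads the current user's registry hive, so run it as the account that actually uses the workstation, not as a separate administrator account.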

To learn more regarding Kansas City Managed IT's HIPAA compliant services, please visit this page.

November 6, 2019