Information
-
Building/Room number
-
Site
-
Manager/Supervisor
-
Conducted on
-
Prepared by
-
Personnel assisting inspection
Disposal and retention of protected health information.
-
Documents containing PHI are shredded prior to disposal or placed in appropriate disposal containers?
-
Regular trash cans are free of paper, labels, and any items that contain PHI
-
Are any computer screens visible to individuals not employed by the clinical lab?
-
Documents with PHI are secured in closed files or turned face down on work surfaces?
-
Patient information cannot be overheard in public areas, hallways, corridors, or elevators, or within earshot of visitors?
Clinical Areas
-
How are patients called to the room?
-
Do providers and/or staff discuss patient information in or near clinical areas where other patients can overhear?
-
Are telephone calls made to other providers, labs, pharmacies, hospitals, managed care administrators, or case managers in which patient information is discussed and other patients can overhear?
-
Are telephones used in exam rooms?
-
Are lab specimen logs kept covered to prevent PHI from being visible?
-
Are patients escorted from the waiting room to draw area?
-
Are orders given to patients privately or in a low voice so as not to be overheard during their check-out process?
-
Is any PHI visible in the clinical workstations while unattended?
-
Are PHI shred bins emptied and not overfilled?
-
Are passwords of any kind visible in the clinical workstations?
Front Office and Business Office
-
Is the fax machine located in a secure place?
-
Are there any security passwords visible?
Medical Records
-
Are all staff members allowed access to the medical records department?
-
Are medical records (requisitions, reports, etc.) transferred between locations?
-
Is the patient's written authorization received before release of PHI?
-
Are authorizations filed in the patient's medical record?
-
Does the practice have a staff member who is trained to answer patient questions about their records?
Methods of Conveying PHI
-
How can medical records be sent to specialists or other providers the patient is being referred to?
-
Can patients and providers communicate by e-mail?
-
Can test results and other information be given to patients over the telephone?
All Areas
-
Are computer monitors positioned away from public areas to avoid observation by visitors or patients?
-
Are screens on unattended computers turned to the log-on screen, or do they have a password-enabled screen saver?
-
Do staff protect their IDs and passwords and never share them?
-
Are paper records stored in locked rooms when the area is not staffed?
-
Confidential patient information is not left on an unsecured printer, photocopier, or fax machine unless these devices are in a secure area.
Personnel Policies
-
Does the practice have HIPAA privacy policies written and incorporated in the employee handbook?
-
Are the privacy policies and procedures up to date?
-
Do new employees receive privacy training as part of their orientation?
-
Has all existing staff undergone Privacy Training?
-
Is employee training documented?
Signatures
-
Add signature