Your IT Checklist for HIPAA Compliance

If your business is in the field of healthcare or dental care then you know the terms HIPAA (Healthcare Insurance Portability and Accountability Act ) and ePHI (electronic Protected Health Information) all too well. These safeguards for HIPAA compliance protect both the private data and security provisions of sensitive medical information. Criteria to maintain compliance for this federally mandated legislation falls into three main categories: technical safeguards, physical safeguards, and administrative safeguards. While your network and systems (including both hardware and software) should be installed and regularly maintained by an IT expert with experience in HIPAA regulations and compliance, here is a quick checklist for you to use merely as a guide to compliance.


Technical Safeguards: This area of criteria for HIPAA compliance deals with the technology used to store and transmit confidential patient data. The U.S. Department of Commerce – National Institute of Standards and Technology (NIST) requires that, regardless of whether the data is at rest or in transit, it should be encrypted according to their standards. This ensures that any breach of confidential patient data renders the data unreadable, undecipherable, and unusable. Included in this safeguard are:


  • Access Control – This includes unique usernames and PIN numbers for each user, as well as a procedure for the release of data in an emergency.
  • Authentication of ePHI – Has any of the electronic information been altered in an unauthorized manner?
  • Tools for Encryption and Decryption
  • Implementation of Activity Logs and Audit Controls
  • Automatic log off for workstations after a certain amount of time


Physical Safeguards: These safeguards focus mainly on the access of data where it is stored, whether it is in the cloud or on a server located on the premises. It also means safeguards for workstations and all devices where an unauthorized person could gain access to sensitive data.


  • Implementation of strict procedures for facility access including all employees, cleaning personnel, and other visitors to the office.
  • Policies for protecting patient information at each workstation, whether it is who can use each workstation or even how the monitor is to be positioned so sensitive data can not be viewed by unauthorized people.
  • Policies and Procedures for Mobile Devices
  • Inventory of Hardware including: tracking movement to storage facilities, repairs, and disposal.


Administrative Safeguards:  This area brings together the Privacy Rule and Security Rule, and includes:


  • Risk Assessments
  • Instruction of a Risk Management Policy and Sanctions Policy for employees who do not comply.
  • Training Employees
  • Emergency Planning
  • Restricting Third Party Access
  • Reporting Security Incidents


Does your medical or dental practice have an expert technical professional maintaining your technology to remain in compliance? Or are you adding new technology that needs to be compliant? Call or text Spectra Networks at 978.219.9752, or visit our website today.