General Information

Organization Name

Auditor Name

Audit Date

Contact Email

1. Administrative Safeguards

Is there a designated HIPAA Privacy Officer?

Yes No

Are HIPAA policies and procedures documented and reviewed annually?

Yes No

Comments

Are physical access controls in place for areas with ePHI?

Yes No

Are device/media controls used for ePHI?

Yes No

Comments

Are access controls (unique user IDs, passwords) implemented?

Yes No

Is ePHI encrypted in transit and at rest?

Yes No

Comments

Is there a documented breach notification policy?

Yes No

Have staff received breach notification training?

Yes No

Comments

Additional Notes

Actions Required