Page 4 - HIPAA Compliance Checklist
Password Checklist

Policies are in place prescribing password practices for the organization.
All staff members understand and agree to abide by password policies.
Each staff member has a unique username and password.
Passwords are not revealed to or shared with others.
Passwords are not written down or displayed on screen.
Passwords are hard to guess, but easy to remember.
Passwords are changed routinely.
Passwords are not reused.
Any default passwords that come with a product are changed during product installation.
Any devices or programs that allow optional password protection have password protection turned on and in use.

Network Access Checklist

Policies are in place prescribing network configuration and access.
All staff members understand and agree to abide by network use policy.
Access to the network is restricted to authorized users and devices.
Guest devices are prohibited from accessing networks that contain Protected Health Information (PHI).
Wireless networks use appropriate encryption.
Computers contain no peer-to-peer applications.
Public instant messaging services are not used.
Private instant messaging services, where used, are secured appropriately.

Physical Access Checklist

Policies are in place prescribing the physical safety and security of devices.
All staff members understand and agree to abide by physical access policies.
All devices containing Protected Health Information (PHI) are inventoried and can be accounted for.
Computers are protected from environmental hazards.
Physical access to secure areas is limited to authorized individuals.
Computers running Electronic Health Record (EHR) systems are shielded from unauthorized viewing.
Equipment located in high-traffic or less secure areas is physically secured.

95% of Healthcare Organizations have Internet Connectivity. 25% Have No Firewall.