HIPAA Security Rule Audit Checklist

Comprehensive HIPAA Security Rule compliance audit covering all required administrative, physical, and technical safeguards for electronic protected health information (ePHI).

  • Industry: Healthcare
  • Frequency: Annual
  • Estimated Time: 4-6 hours
  • Role: Security Officer/IT
  • Total Items: 32
  • Compliance: HIPAA Security Rule, 45 CFR 164.308-312, NIST Cybersecurity Framework

Administrative Safeguards

164.308 requirements

  • Risk analysis conducted and documented?
  • Risk management plan implemented?
  • Workforce sanction policy in place?
  • Information system activity review conducted?
  • Security officer designated?
  • Workforce security procedures implemented?
  • Security awareness training provided?
  • Contingency plan developed and tested?

Physical Safeguards

164.310 requirements

  • Facility access controls implemented?
  • Workstation use policies in place?
  • Workstation security measures implemented?
  • Device and media controls in place?

Technical Safeguards

164.312 requirements

  • Unique user identification implemented?
  • Emergency access procedure established?
  • Automatic logoff implemented?
  • Encryption mechanisms in place?
  • Audit controls implemented?
  • Integrity controls in place?
  • Transmission security implemented?

Policies & Procedures

Documentation requirements

  • All required policies documented?
  • Policies reviewed and updated as needed?
  • Documentation retained for 6 years?

Pre-Assessment Information

Initial assessment documentation and patient/facility identification

  • Assessor Name / Credentials
  • Assessment Date
  • Department / Unit
  • Assessment Type (Routine/Annual/Complaint)
  • Previous assessment findings reviewed?

Infection Prevention & Control

Verify infection control practices per CDC and Joint Commission standards

  • Hand hygiene compliance observed?
  • Appropriate PPE available and properly used?
  • Isolation precautions properly implemented?
  • Sharps containers available and not overfilled?
  • High-touch surfaces properly disinfected?

Why Use This HIPAA Security Rule Audit Checklist?

This HIPAA Security Rule audit checklist helps healthcare teams maintain compliance and operational excellence. Designed for Security Officer/IT professionals, it covers 32 critical inspection points across 6 sections. Recommended frequency: annual.

It is aligned with the HIPAA Security Rule (45 CFR 164.308-312) and the NIST Cybersecurity Framework, supporting audit readiness and inspection documentation.

Frequently Asked Questions

What does the HIPAA Security Rule Audit Checklist cover?

This checklist covers 32 inspection items across 6 sections: Administrative Safeguards, Physical Safeguards, Technical Safeguards, Policies & Procedures, Pre-Assessment Information, Infection Prevention & Control. It is designed for healthcare operations and compliance.

How often should this checklist be completed?

This checklist should be completed annually. Each completion takes approximately 4-6 hours.

Who should use this HIPAA Security Rule Audit Checklist?

This checklist is designed for Security Officer/IT professionals in the healthcare industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.

Can I download this checklist as a PDF?

Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.
