Vanta automates SOC 2, ISO 27001 and HIPAA

Your HIPAA compliance checklist

HIPAA is intended to keep protected health information (PHI) safe and secure. HIPAA compliance is essential for covered entities and business associates and means abiding by the HIPAA Rules. Your company must implement and document comprehensive administrative, physical, and technical security safeguards. Sound complicated? Our HIPAA compliance checklist will help simplify your path to compliance.

Compliance and security automation

Determine which annual audits and assessments are required for your company

Checklist items

Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta

Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol

Conduct required HIPAA compliance audits and assessments

Checklist items

Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta

Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol

Document your plans and put them into action

Checklist items

Document every step of building, implementing, and assessing your compliance program

Vanta’s automated compliance reporting can streamline planning and documentation

Appoint a security and compliance point person in your company

Checklist items

Designate an employee as your HIPAA Compliance Officer

Schedule annual HIPAA training for all employees

Checklist items

Distribute HIPAA policies and procedures and ensure staff read and attest to their review

Document employee trainings and other compliance activities

Checklist items

Thoroughly document employee training processes, activities, and attestations

Establish and communicate clear breach report processes to all employees

Checklist items

Ensure that staff understand what constitutes a HIPAA breach, and how to report a breach

Implement systems to track security incidents, and to document and report all breaches

Institute an annual review process

Checklist items

Annually assess compliance activities against the HIPAA Rules and updates to HIPAA

Continuously assess and manage risk

Checklist items

Build a year-round risk management program and integrate continuous monitoring

Understand the ins and outs of HIPAA compliance, and the costs of noncompliance

Everything you need to get HIPAA compliance audit ready, fast.

Vanta is “security in a box” for technology companies, trusted by hundreds. Our continuous monitoring software and robust range of automated checks can help you get compliance audit-ready, fast. Vanta can help your company:

  • Build a statement of applicability describing how you control for each HIPAA safeguard
  • Track how ePHI flows through your system and access points
  • Track HIPAA tasks like employee training
  • Develop a breach notification policy and template
  • Prepare for your HIPAA audit fieldwork… and more