CalOHII developed checklists to support the Compliance Review team’s assessment of the artifacts (documentation) requested during the Compliance Review process. Our goals during the creation of the checklists were to ensure:

• All pertinent criteria (i.e., HIPAA, state regulations) are considered when assessing documentation compliance
• Objectivity and credibility in our review process
• A defined and repeatable review process

CalOHII reviews these checklists on an annual basis to ensure accuracy and currency with updates to state and federal regulations.

CalOHII recommends use of these checklists by state entities to self-assess their compliance and determine areas of risk or non-compliance.

• Authorizations
• Breach Notification
• Business Associate Agreement Template
• Business Associate Oversight Policy
• Contingency Plan – Business Continuity Plan
• Contingency Plan – Technology Recovery Plan
• Data Backup Plan
• Device & Media Controls
• Facility Security Plan
• Health Information Locations
• Incident Reporting
• Individuals Right to Access
• Individuals Right to Amend
• Notice of Privacy Practices
• Privacy Training
• Risk Assessment Policy
• Risk Assessment
• Security Training
• Security Evaluations