CalOHII developed artifact evaluation checklists to document the criteria to consider when evaluating Compliance Review Policy and Procedure artifacts/documentation. These checklists ensure the evaluators do not overlook important criteria; and the checklists enhance the assessment/review’s objectivity, credibility, and reproducibility.

Use of these checklists by State Entities may be useful in developing, monitoring and maintaining required regulatory documentation.

• Accounting of Disclosures
• Administrative Policies & Procedures
• Authorizations
• Breach Notification
• Business Associate Agreement Template
• Business Associate Oversight Policy
• Contingency Plan – Business Continuity Plan
• Contingency Plan – Technical Recovery Plan
• Data Backup Plan
• Data Retention & Destruction
• Facility Security Plan
• Health Information Locations
• Incident Reporting
• Individuals Right to Access
• Individuals Right to Amend
• Media & Device Controls
• Notice of Privacy Practices
• Opportunity to Agree or Object
• Privacy Training
• Requirements for Telehealth
• Risk Assessment Policy
• Risk Assessment
• Security Training
• Security Evaluations
• Transaction & Code Sets Companion Guide
• Trading Partner Agreements
• Trading Partner Agreements Companion Guide
• Workstation Use & Security