Skip to main content
IT KORR
IT KORRKeeping Organizations Reliable & Resilient
Compliance & Governance · Download

HIPAA Compliance Checklist

A checklist organized by the three HIPAA Security Rule safeguard categories — Administrative, Physical, and Technical.

IT KORR Knowledge Center

HIPAA Compliance Checklist

A checklist organized by the three HIPAA Security Rule safeguard categories — Administrative, Physical, and Technical.

Administrative Safeguards

  • A formal risk analysis covering all systems that create, receive, maintain, or transmit ePHI has been performed and documented.
  • A risk management plan addresses identified risks with defined remediation timelines.
  • A designated security official is responsible for developing and implementing security policies.
  • Workforce security training on HIPAA and ePHI handling is documented at onboarding and periodically thereafter.
  • Business associate agreements (BAAs) are in place with all applicable vendors handling ePHI.

Physical Safeguards

  • Facility access controls limit physical access to systems and areas containing ePHI to authorized personnel.
  • Workstations that access ePHI are positioned and configured to minimize unauthorized viewing.
  • A documented process governs the disposal and reuse of hardware and media containing ePHI.
  • Device and media controls track movement of hardware containing ePHI in and out of facilities.

Technical Safeguards

  • Unique user IDs are assigned to every individual accessing ePHI — no shared logins.
  • Automatic logoff is configured on workstations and systems accessing ePHI.
  • Encryption is enabled for ePHI at rest and in transit.
  • Audit logging is enabled on systems handling ePHI, and logs are reviewed periodically.
  • Integrity controls are in place to ensure ePHI is not improperly altered or destroyed.

Related Resources

  • HIPAA Security Rule Explained — /knowledge-center/compliance/compliance-governance/hipaa-security-rule-explained
  • Compliance Fundamentals — /knowledge-center/compliance/compliance-governance/compliance-fundamentals

This document is a starting-point resource, not legal or compliance advice. Review it against your organization's actual systems before adoption — see the full Compliance & Governance Hub for the reasoning behind each recommendation, or use the Compliance Readiness Assessment for a personalized review.

Build: add8299 | Built: Jul 9, 2026 9:26 PM EDT