Resources
HIPAA compliance checklist for teams and small practices.
If you need a sane starting point, start here. This checklist focuses on the controls most healthcare teams need in place before audits, onboarding pushes, vendor reviews, or security incidents expose a weak process.
Core checklist
- Assign HIPAA training by workforce role before staff handle PHI.
- Keep an annual training log with completion dates, certificate IDs, and renewal due dates.
- Inventory every vendor that creates, receives, maintains, or transmits PHI and confirm BAAs are in place.
- Run and document a HIPAA risk assessment for systems, devices, and remote workflows that touch ePHI.
- Review access controls for EHR, cloud storage, email, texting, and patient communication tools.
- Document incident response, breach review, and escalation steps before something goes sideways.
- Maintain policy evidence for mobile devices, workstations, password hygiene, and data retention.
- Verify certificate, policy, and audit evidence can be retrieved without inbox archaeology.
What to review first
- Training records and renewal gaps for anyone touching PHI.
- Vendor tools that still do not have signed BAAs or clear owners.
- Remote work, email, texting, and mobile-device workflows with weak safeguards.
- Evidence retrieval: can you find certificates, policies, and incident logs fast?
Best next steps
- Use the self-audit checklist for a deeper internal review.
- Pair this with the HIPAA Risk Assessment Kit if you need documented remediation tracking.
- Roll out training and store certificate proof in one repeatable system.
- Use contact sales if you need help standardizing team rollout.
If you run a small practice
Small practices usually need the shortest path to proof: team training, a training log, a basic risk workflow, and pricing that does not assume you are a hospital system.
HIPAA training for small medical practices
See the team-training path built for lean clinics, solo providers, and specialty practices.
Review team pricing
Check the cleanest rollout option for annual renewals, distributed staff, and compliance proof.
Use the HIPAA training log template
Track completions, certificate IDs, and renewal dates without spreadsheet chaos.
Run a HIPAA risk assessment
Turn checklist gaps into documented risks, owners, and remediation steps.