
The Healthcare Executive's HIPAA Personal Liability Checklist

12 questions your legal team should be asking your IT vendor. If you can't answer "yes" to all of them, your personal name could appear in an enforcement action by the HHS Office for Civil Rights (OCR), the agency that enforces HIPAA.

6-page PDF · No spam, ever · Actionable, not theoretical


What's in the Checklist

12 questions that separate compliant organizations from those whose executives are at personal risk.

1. Do you know which executives are personally named in your HIPAA compliance documentation?
2. Has your legal team reviewed your Business Associate Agreements (BAAs) in the last 12 months for adequate indemnification?
3. Can your IT team produce an access log for ePHI systems within 24 hours of a request?
4. Do you have documented evidence that your risk analysis was completed this calendar year?
5. Is your incident response plan tested annually with a tabletop exercise?
6. Are terminated employees' access credentials revoked the same day?
7. Can you demonstrate encryption at rest and in transit for all ePHI?
8. Does your organization have a formally designated Security Officer?
9. Are your business associates' security practices evaluated before contract execution?
10. Do you maintain a complete inventory of every system that stores, processes, or transmits ePHI?
11. Has your organization conducted a HIPAA Security Rule gap analysis in the past 12 months?
12. Is your board or executive team briefed on compliance posture at least quarterly?

If you answered "no" to even one of these, you have a gap that could result in personal enforcement action. The checklist explains why each question matters and what to do about it.

Want More Than a Checklist?

Run a full HIPAA Security Rule assessment and get a prioritized gap analysis with specific remediation steps — not just questions, but answers.