Weekly Privacy & Security Monitoring Log
Weekly privacy and security monitoring checklist to be completed by the onsite designee and reviewed by the Privacy/Security Officer.
General Information
Site
*
Serenity NonProfit
DCO Hope Counseling
Date of Inspection
*
Onsite Designee Inspector Name
*
Rachel Rubio
Workstation & EHR Security
All workstations require unique user IDs and passwords.
*
Yes
No
If No, describe
Automatic screen lock is enabled (15 minutes or less of inactivity).
*
Yes
No
If No, describe
No passwords are written or visible near workstations.
*
Yes
No
If No, describe
EHR access is limited to authorized staff only.
*
Yes
No
If No, describe
Shared workstations (hallway/reception) are configured to lock when unattended.
*
Yes
No
If No, describe
Reception / Public Areas
Computer screens in reception/waiting areas cannot be read by the public.
*
Yes
No
If No, describe
Printed PHI is not left on counters or in public view.
*
Yes
No
If No, describe
Sign-in sheets (if used) do not reveal diagnosis, SUD status, or detailed PHI.
*
Yes
No
If No, describe
Fax / Printer / Physical Records
Fax machines and printers used for PHI are in staff-only or supervised areas.
*
Yes
No
If No, describe
Incoming faxes with PHI are promptly removed and not left unattended.
*
Yes
No
Not applicable
If No, describe
Outgoing faxes include required HIPAA and 42 CFR Part 2 confidentiality notices.
*
Yes
No
If No, describe
Paper records with PHI are stored in locked cabinets/rooms when not in use.
*
Yes
No
If No, describe
42 CFR Part 2 – SUD-Specific Controls
Part 2 consent forms are current, complete, and stored securely.
*
Yes
No
If No, describe
Redisclosure warnings are included on all Part 2 disclosures.
*
Yes
No
If No, describe
SUD/Part 2 records are segregated or clearly flagged in the EHR/records system.
*
Yes
No
If No, describe
Only staff with a need-to-know have access to SUD/Part 2 records.
*
Yes
No
If No, describe
Physical & Environmental Safeguards
Office doors and records rooms are locked when not in use.
*
Yes
No
If No, describe
Shred bins or secure disposal methods are used for PHI.
*
Yes
No
If No, describe
No unattended PHI is left on desks at the end of the day (spot check).
*
Yes
No
If No, describe
Incidents, Concerns, and Corrective Actions
Any privacy or security incidents observed this week?
*
No
Yes
If Yes, describe incident(s), date, and immediate action taken
Corrective actions needed or requested?
*
None
Yes
If Yes, describe and indicate if urgent
Certification by Onsite Designee
I certify that I completed this checklist for the week indicated and that the above answers are accurate to the best of my knowledge.
Designee Signature
*
Designee Signature Date
*
Privacy/Security Officer Review
Date reviewed
Reviewed by (PSO Name)
Additional notes / required follow-up
PSO Signature
PSO Signature Date