- Date of Inspection*
- All workstations require unique user IDs and passwords.*
- Automatic screen lock is enabled (15 minutes or less of inactivity).*
- No passwords are written or visible near workstations.*
- EHR access is limited to authorized staff only.*
- Shared workstations (hallway/reception) are configured to lock when unattended.*
- Computer screens in reception/waiting areas cannot be read by the public.*
- Printed PHI is not left on counters or in public view.*
- Sign-in sheets (if used) do not reveal diagnosis, SUD status, or detailed PHI.*
- Fax machines and printers used for PHI are in staff-only or supervised areas.*
- Incoming faxes with PHI are promptly removed and not left unattended or received privately via e-mail.*
- Outgoing faxes and e-mails containing medical information for disclosure include required HIPAA and 42 CFR Part 2 confidentiality notices.*
- Paper records with PHI are stored in locked cabinets/rooms when not in use.*
- Part 2 consent forms are current, complete, and stored securely.*
- Redisclosure warnings are included on all Part 2 disclosures.*
- SUD/Part 2 records are clearly flagged in the EHR/records system as such.*
- Only staff who need the information to perform their job duties may access SUD/Part 2 records.*
- Office doors and records rooms are locked when not in use.*
- Shred bins or secure disposal methods are used for PHI.*
- No unattended PHI is left on desks at the end of the day (spot check).*
- Any privacy or security incidents observed this week?*
- Corrective actions needed or requested?*
- Designee Signature Date*