HIPAA Onboarding Checklist

Scroll to the bottom of this page for a PDF of this checklist!

Activate Vanta:

1. Complete Company Information

2. Add Administrator

3. Add Officers

  • List your HIPAA Security and HIPAA Privacy Officers in the Human Resources sections. They will be responsible for implementing your HIPAA policies and will act as the first point of contact for any breaches.

4. Add Connections

  • Connections are how Vanta pulls data and scans your systems for any gaps applicable to HIPAA controls. Integrate your Task Tracker (e.g., JIRA, Clubhouse, Trello) so Vanta can assist you in providing incident tracking and reporting. Label tickets with the "security" label, and we do the rest.

 

Set Controls

1. Create HIPAA-Compliant Policies

Policies make up the framework your company will follow, and your auditors will use it to ensure you are HIPAA-compliant.

  • Create all information security policies

  • Create all HIPAA-specific policies 

2. Set Up Employee Onboarding

Employees need to be aware of their roles and responsibilities at your company and become familiar with security best practices.

  • Determine if you'd like to do your security awareness training through Vanta. If you do, you can use the training video created by our partner, LivingSecurity. Alternatively, you can add the URL to the training you already use.

  • Determine your background check monitoring start date.

Note: This is important if you have employees you do not want to background check.