Do you encrypt patient data?
Are access controls in place?
Do you conduct regular HIPAA training?
Is there a breach notification policy?
Are audit trails reviewed regularly?

Do you use certified EHR technology?
Is electronic data backed up securely?
Are patient data requests processed electronically?
Do you have a mobile data access policy?
Are system updates documented?

Are MSDS documents accessible?
Are staff trained in bloodborne pathogens?
Is PPE provided and maintained?
Are needle-stick incidents documented?
Are OSHA posters displayed?

Do you follow Medicare billing guidelines?
Are claims submitted electronically?
Are patients provided with rights information?
Is quality data submitted to CMS?
Are admission/discharge protocols followed?

Are performance metrics tracked?
Is patient safety reviewed monthly?
Is staff credentialing reviewed regularly?
Is there an incident reporting mechanism?
Do you perform annual mock surveys?