- Overview
- Resources and Support
- First 30 Days: Key Compliance Steps
- First 60 Days: Key Compliance Steps
- First 90 Days: Review Routine Maintenance Steps
Overview
You can use our HIPAA/OSHA Onboarding Checklist as a helpful resource to complete your HIPAA and/or OSHA requirements within your first 90 days of using Bridge Compliance.
This guide does not qualify as legal advice. Successfully completing the checklist does not certify that you or your organization is compliant. If you have any questions, please contact our Care team at 800-337-3630.
Resources and Support
Need Additional Support? Contact Us:
- Care Team:
800-337-3630 (option 3)
[email protected]
Available 9 am – 5 pm EST
- Technical Support Team:
800-337-3630 (option 4)
Available 24/7
Important: Failing to meet HIPAA and/or OSHA requirements can put your practice at risk for audits and costly fines.
- HIPAA requirements apply to all healthcare organizations, regardless of size.
- OSHA requirements apply only to practices or personnel who handle hazardous materials.
*Additional requirements may vary by state or location.
First 30 Days: Key Compliance Steps
Complete these essential compliance steps within your first 30 days to set a strong foundation.
Note: OSHA requirements only apply if your practice is subject to them. You’ll only see and be able to complete the OSHA items in this checklist if your organization has the OSHA module enabled in Bridge Compliance.
Staff Setup
- Designate a Privacy & Security Officer.
The HIPAA Privacy Officer is responsible for keeping all information private, signed, and stored properly. The Security Officer determines what can be done with the information (how and what can be shared). These roles can be filled by one person or by two different people.
Tour: HIPAA Compliance Requirement: Designate a HIPAA Privacy Officer and Security Officer
Article: Designate Your HIPAA Privacy and Security Officers
Time to complete: 5 minutes
- Create individual user accounts for all staff.
Each member of your staff needs an account to access their training and your practice’s policies.
Tour: Bridge Compliance Admin Requirement: Add and Manage Users
Articles:
• Create a New User
• Resend the "Welcome to Bridge Compliance" Email
Time to complete: 5-30 minutes (depending on the number of users)
Risk and Safety
- Complete an Annual HIPAA Risk Assessment for your practice.
A HIPAA Risk Assessment must be completed or updated annually.
Tour: HIPAA Compliance Requirement: Complete Your Annual Risk Assessment
Article: Complete Your Annual Risk Assessment
Time to complete: 45-60 minutes
- Take an OSHA Self-Assessment (if applicable).
This assessment includes every OSHA requirement. Check off the boxes for the items that you are currently doing in your office to measure whether you would be prepared for an OSHA audit.
Tour: OSHA Compliance Requirement: Complete Your OSHA Self-Assessment
Article: Complete Your OSHA Self-Assessment
Time to complete: 10-15 minutes
Training and Certification
- Complete your HIPAA Officer Certification.
As the HIPAA Officer, you must complete your own training and acknowledgements.
Tour: HIPAA Compliance Requirement: Complete Your HIPAA Officer Training
Article: Complete Your HIPAA Officer Training
Time to complete: 2 hours
- Ensure all staff complete HIPAA training and acknowledgements.
Team members must pass 3 HIPAA quizzes.
Tour: HIPAA Compliance Requirement: Complete Your HIPAA Officer Training
Time to complete: 1 hour (for staff)
- Ensure all staff complete OSHA training and acknowledgements (if applicable).
Team members must complete 3 courses: Bloodborne Pathogens, Hazard Communication, and Infection Control.
Note: Dental practices in California must take the on-demand California Infection Control training within Continuing Education instead of the Infection Control course within OSHA Training.
Tour: HIPAA Compliance Requirement: Complete Your HIPAA Officer Training
Time to complete: 4 hours (for staff)
Vendor Compliance
- Obtain signed Business Associate Agreements (BAAs) from all applicable contractors/vendors.
BAAs establish a legally-binding relationship between your practice and business associates to ensure complete protection of patient health information (PHI).
Tour: HIPAA Compliance Requirement: Obtain Signed Business Associate Agreements
Articles:
• Obtaining Signed Business Associate Agreements (BAAs)
• Create a Business Associate Agreement
Time to complete: 5-40 minutes
First 60 Days: Key Compliance Steps
Complete these essential compliance steps within your first 60 days to set a strong foundation.
Note: OSHA requirements only apply if your practice is subject to them. You’ll only see and be able to complete the OSHA items in this checklist if your organization has the OSHA module enabled in Bridge Compliance.
Response Plans
- Create an Emergency and Incident Response Plan.
This plan documents who is on the Emergency Team, who is responsible for data backup, what your key processes are in the event of an emergency, and more.
Tour: HIPAA Compliance Requirement: Create Your HIPAA Emergency and Incident Response Plans
Article: Create Your HIPAA Emergency and Incident Response Plans
Time to complete: 15-20 minutes
- Complete the OSHA Plans (if applicable).
The Bloodborne Pathogen and Hazard Communication plans are required. These plans are in Q&A format; if a question is not applicable, enter N/A.
Tour: OSHA Compliance Requirement: Create and Maintain OSHA Plans
Article: Create OSHA Plans
Time to complete: 30-45 minutes
- Complete a Safety Data Sheet (SDS) eBinder.
Create a digital binder by searching for the safety data sheets of hazardous chemicals in your office.
Tour: OSHA Compliance Requirement: Create a Safety Data Sheet eBinder
Article: Create a Safety Data Sheet eBinder
Time to complete: Varies depending on the number of products you add to your eBinder
First 90 Days: Review Routine Maintenance Steps
Review routine maintenance requirements within your first 90 days to ensure you’re clear on your responsibilities.
Routine Maintenance
- Employee Management
Regularly update records for new hires, terminations, and role changes.
- New Hire Training
Ensure all new employees complete HIPAA and/or OSHA training.
- Vendor Management
Maintain up-to-date Business Associate Agreements for all service providers, software, and IT changes.
- Safety Data Sheet (SDS) Management
Add and remove items from your SDS eBinder, as needed, using the Safety Data Sheets Database.
- Incident Response
Address compliance incidents, including but not limited to recent HIPAA breaches, employee injuries, and other related issues, in accordance with established plans and policies.
For questions or support, please contact our Care team at 800-337-3630 (option 3) or [email protected].