About the HIPAA and OSHA Onboarding Checklist


Overview

You can use our HIPAA/OSHA Onboarding Checklist as a helpful resource to complete your HIPAA and/or OSHA requirements within your first 90 days of using Bridge Compliance.

This guide does not qualify as legal advice. Successfully completing the checklist does not certify that you or your organization are compliant. If you have any questions, please contact our Care team at 800-337-3630.

Resources and Support

Need Additional Support? Contact Us:

  • Technical Support Team:
    800-337-3630 (option 4)
    Available 24/7

Important: Failing to meet HIPAA and/or OSHA requirements can put your practice at risk for audits and costly fines.

  • HIPAA requirements apply to all healthcare organizations, regardless of size.
  • OSHA requirements apply only to practices or personnel who handle hazardous materials.
    *Additional requirements may vary by state or location.

First 30 Days: Key Compliance Steps

Complete these essential compliance steps within your first 30 days to set a strong foundation.

Note: OSHA requirements only apply if your practice is subject to them. You’ll only see and be able to complete the OSHA items in this checklist if your organization has the OSHA module enabled in Bridge Compliance.

Staff Setup

  1. Designate a Privacy & Security Officer.
    The HIPAA Privacy Officer is responsible for developing and implementing your practice's privacy policies and procedures under the HIPAA Privacy Rule, including how protected health information (PHI) may be used and disclosed and how patient acknowledgements and authorizations are obtained and stored. The Security Officer is responsible for the policies and procedures that protect electronic PHI under the HIPAA Security Rule, including who may access it and how it is safeguarded. These roles can be filled by one person or by two different people.
    Tour: HIPAA Compliance Requirement: Designate a HIPAA Privacy Officer and Security Officer
    Article:
    Designate Your HIPAA Privacy and Security Officers
    Time to complete: 5 minutes
  2. Create individual user accounts for all staff.
    Each member of your staff needs an account to access their training and your practice’s policies.
    Tour: Bridge Compliance Admin Requirement: Add and Manage Users
    Articles:
    Create a New User
    Resend the "Welcome to Bridge Compliance" Email
    Time to complete: 5-30 minutes (depending on the number of users)

Risk and Safety

  1. Complete an Annual HIPAA Risk Assessment for your practice.
    A HIPAA Risk Assessment must be completed or updated annually.
    Tour: HIPAA Compliance Requirement: Complete Your Annual Risk Assessment
    Article: Complete Your Annual Risk Assessment
    Time to complete: 45-60 minutes
  2. Take an OSHA Self-Assessment (if applicable). 
    This assessment includes every OSHA requirement. Check off the boxes for the items that you are currently doing in your office to measure whether you would be prepared for an OSHA audit.
    Tour: OSHA Compliance Requirement: Complete Your OSHA Self-Assessment
    Article:
    Complete Your OSHA Self-Assessment
    Time to complete: 10-15 minutes

Training and Certification

  1. Complete your HIPAA Officer Certification.
    As the HIPAA Officer, you must complete your own training and acknowledgements.
    Tour: HIPAA Compliance Requirement: Complete Your HIPAA Officer Training
    Article: Complete Your HIPAA Officer Training
    Time to complete: 2 hours
  2. Ensure all staff complete HIPAA training and acknowledgements. 
    Team members must pass 3 HIPAA quizzes.
    Tour: HIPAA Compliance Requirement: Complete Your HIPAA Officer Training
    Time to complete: 1 hour (for staff)
  3. Ensure all staff complete OSHA training and acknowledgements (if applicable).
    Team members must complete 3 courses: Bloodborne Pathogens, Hazard Communication, and Infection Control.
    Note: Dental practices in California must take the on-demand California Infection Control training within Continuing Education instead of the Infection Control course within OSHA Training.
    Tour: HIPAA Compliance Requirement: Complete Your HIPAA Officer Training
    Time to complete: 4 hours (for staff)

Vendor Compliance

  1. Obtain signed Business Associate Agreements (BAAs) from all applicable contractors/vendors.
    A BAA is a legally binding contract between your practice and each business associate (a vendor or contractor that creates, receives, maintains, or transmits protected health information (PHI) on your behalf). It obligates the business associate to safeguard that PHI and to report breaches to you.
    Tour: HIPAA Compliance Requirement: Obtain Signed Business Associate Agreements
    Articles:
    Obtaining Signed Business Associate Agreements (BAAs)
    Create a Business Associate Agreement
    Time to complete: 5-40 minutes

First 60 Days: Key Compliance Steps

Complete these essential compliance steps within your first 60 days to set a strong foundation.

Note: OSHA requirements only apply if your practice is subject to them. You’ll only see and be able to complete the OSHA items in this checklist if your organization has the OSHA module enabled in Bridge Compliance.

Response Plans

  1. Create an Emergency and Incident Response Plan.
    This plan documents who is on the Emergency Team, who is responsible for data backup, what your key processes are in the event of an emergency, and more.
    Tour: HIPAA Compliance Requirement: Create Your HIPAA Emergency and Incident Response Plans
    Article: Create Your HIPAA Emergency and Incident Response Plans
    Time to complete: 15-20 minutes
  2. Complete the OSHA Plans (if applicable).
    The Bloodborne Pathogens and Hazard Communication plans are required. These plans are in Q&A format; if a question is not applicable, enter N/A.
    Tour: OSHA Compliance Requirement: Create and Maintain OSHA Plans
    Article: Create OSHA Plans
    Time to complete: 30-45 minutes
  3. Complete a Safety Data Sheet (SDS) eBinder.
    Create a digital binder by searching for the safety data sheets of hazardous chemicals in your office.
    Tour: OSHA Compliance Requirement: Create a Safety Data Sheet eBinder
    Article: Create a Safety Data Sheet eBinder
    Time to complete: Varies depending on the number of products you add to your eBinder

First 90 Days: Review Routine Maintenance Steps

Review routine maintenance requirements within your first 90 days to ensure you’re clear on your responsibilities.

Routine Maintenance

  1. Employee Management
    Regularly update records for new hires, terminations, and role changes.
  2. New Hire Training
    Ensure all new employees complete HIPAA and/or OSHA training and acknowledgements.
  3. Vendor Management
    Maintain up-to-date Business Associate Agreements for all service providers, software, and IT changes.
  4. Safety Data Sheet (SDS) Management
    Add and remove items from your SDS eBinder, as needed, using the Safety Data Sheets Database.
  5. Incident Response
    Address compliance incidents, including but not limited to HIPAA breaches, employee injuries, and other related issues, in accordance with your established plans and policies.

For questions or support, please contact our Care team at 800-337-3630 (option 3) or [email protected].
