Designed for: Psychologists, therapists, and telehealth providers managing electronic or paper PHI.
Use this tool to: Follow NIST- and HIPAA-compliant procedures for data storage, encryption, sanitization, and destruction.
About Cannon Psychology: APA-approved sponsor providing evidence-based EMDR continuing education, ethics resources, and clinician toolkits.
About the Checklist
This step-by-step checklist helps clinicians safeguard confidential data from intake to disposal. It clarifies encryption standards, retention timelines, and destruction methods, helping you document compliance and meet the highest ethical standards for data security. It’s structured around NIST SP 800-88 Rev. 1 and HIPAA’s Security Rule, ensuring your workflow meets federal best practices. The guide also includes sample verification logs and vendor documentation examples to streamline compliance. Whether you’re updating old systems or conducting an annual audit, this resource helps you demonstrate due diligence and protect client trust.
This checklist is an educational resource intended for licensed mental health professionals. It does not constitute legal advice, risk management consultation, or CE credit. Clinicians are responsible for verifying state and federal requirements applicable to their practice setting.