HIPAA Physical Security Audit Checklist
A room-by-room audit checklist covering facility access controls, workstation security, device and media controls, visitor management, and disposal procedures for small clinics.
Short answer
A clinic-ready checklist for auditing physical safeguards required by the HIPAA Security Rule, with concrete items for every room a covered entity controls.
What is inside
- Facility access controls — keys, badges, alarm codes, and after-hours entry logging
- Workstation security — placement, screen privacy, automatic lock, and authorized use
- Device and media controls — inventory, encryption, sanitization, and disposal records
- Visitor management — sign-in, escort requirements, and restricted-area boundaries
- Paper PHI handling — secured storage, after-hours lockup, and shredding documentation
- Environmental controls — cameras, locks, and re-keying procedures after staff turnover
We publish the same practical templates and decision tools that clinics use to structure recurring HIPAA work. No enterprise gate. No resource-library gimmicks. Just practical material delivered quickly.
Editorial details
Written by: Angel Campa
Reviewed by: PHIGuard Compliance Research
Updated: April 28, 2026
Sources
- 45 CFR § 164.310 — Physical Safeguards | Electronic Code of Federal Regulations