Internal Staff Resource
Compliance Command Center
Search regulatory guidance, audit tools, clinic logs, HIPAA procedures, safety standards, incident reporting, emergency readiness, and clinical compliance workflows.
Audit Center
Chart audits, mock surveys, and corrective actions.
Clinical Compliance
CLIA, POC testing, medications, samples, and logs.
Safety & Emergency
AED, drills, emergency kits, and environment checks.
Incident Reporting
Document, escalate, investigate, and correct events.
Compliance Resources
Select a category or search for a regulation, workflow, log, or audit requirement.
Showing all resources
Review each chart for
Document findings, assign corrective actions, identify the
responsible owner, and establish a follow-up date.
Inspect
- Licenses, certificates, and required postings.
- Emergency exits and evacuation maps.
- Medication, supply, and specimen storage.
- Expiration dates and open-date labels.
- Sharps, biohazard, and waste handling.
- Temperature, quality-control, and equipment logs.
- Required binders and downtime forms.
- Patient privacy and secure record handling.
Photograph or document deficiencies when appropriate and
verify completion instead of closing an item based only on a
verbal update.
Required elements
- Specific deficiency or finding.
- Immediate risk-reduction action.
- Root cause of the issue.
- Long-term correction.
- Assigned owner.
- Completion deadline.
- Monitoring method.
- Verification that the correction was effective.
A corrective action is not complete until the improvement has
been verified and documented.
Staff expectations
- Access only the information required for assigned duties.
- Verify identity before releasing information.
- Use private areas for sensitive conversations.
- Do not leave records, labels, or screens visible.
- Use secure systems for patient information.
- Dispose of protected information using approved methods.
- Report suspected privacy concerns immediately.
Do not search for a patient, family member, coworker, public
figure, or other individual unless access is required for
assigned job duties.
Required practices
- Use unique passwords and multifactor authentication.
- Never share usernames or passwords.
- Lock computers whenever stepping away.
- Do not click unexpected links or attachments.
- Use only approved devices and applications.
- Report lost devices or suspicious activity immediately.
- Remove system access promptly when employment ends.
Regular email and text messaging should not be used for
protected health information unless the communication method
has been specifically approved.
Immediate steps
- Stop or contain the disclosure when possible.
- Notify leadership or the privacy contact immediately.
- Do not delete, alter, or conceal evidence.
- Document what information was involved.
- Identify who received or accessed the information.
- Follow instructions for recovery, mitigation, and review.
Staff should report the event immediately and should not
independently decide whether the event qualifies as a breach.
Before testing
- Confirm the clinic has the correct CLIA certificate.
- Use only tests approved for the site’s certificate type.
- Confirm staff training and competency.
- Verify kit storage, expiration date, and lot information.
- Complete required quality control.
Document
- Patient identifiers.
- Date and time of testing.
- Test name and result.
- Lot number and expiration date when required.
- Staff member performing the test.
- Quality-control results and corrective action.
Do not perform testing under another clinic’s CLIA certificate
or perform tests not authorized for the location.
Include
- Date and time.
- Equipment or test name.
- Control lot number and expiration.
- Expected and actual results.
- Staff initials or signature.
- Corrective action for failed controls.
- Supervisor review when required.
Patient testing must stop when quality control fails until the
issue is corrected and acceptable results are documented.
Standards
- Store medications according to manufacturer requirements.
- Limit access to authorized staff.
- Check expiration dates routinely.
- Use received-date or open-date labels when required.
- Separate expired or damaged items immediately.
- Maintain sample inventory and distribution logs.
- Follow additional controls for controlled substances.
Expired medications, vaccines, tests, and supplies must not
remain in active patient-care inventory.
Document
- Date and time checked.
- Current, minimum, and maximum temperature when available.
- Staff initials.
- Any temperature excursion.
- Items affected.
- Manufacturer or pharmacy guidance received.
- Final disposition of affected items.
Do not use medications, vaccines, or tests affected by a
temperature excursion until they are reviewed and cleared.
Core expectations
- Perform hand hygiene before and after patient contact.
- Use PPE based on anticipated exposure.
- Disinfect reusable surfaces and equipment.
- Dispose of sharps immediately after use.
- Do not overfill sharps or biohazard containers.
- Follow exposure-control procedures after a needlestick or splash.
- Maintain accessible cleaning and spill supplies.
Gloves do not replace hand hygiene. Clean hands before putting
gloves on and after removing them.
Inspect monthly
Document
- Date and type of drill.
- Staff participating.
- Scenario used.
- Evacuation or response time.
- Communication process.
- Problems identified.
- Corrective actions and follow-up.
Review evacuation routes, assembly areas, emergency contacts,
alarm procedures, and responsibilities with new staff.
Confirm
- Kit is sealed, labeled, and accessible.
- Required supplies are present.
- Medications and supplies are not expired.
- Oxygen and delivery equipment are ready when applicable.
- Emergency numbers and instructions are current.
- Inspection is documented.
Track
- Equipment name and serial number.
- Location and responsible department.
- Required inspection or calibration schedule.
- Service dates and vendor.
- Repair history.
- Out-of-service dates.
- Replacement or retirement date.
Tag and remove damaged, malfunctioning, or overdue equipment
from service until it is evaluated.
Immediate priorities
- Protect the patient, employee, or public from further harm.
- Obtain emergency assistance when needed.
- Notify the appropriate supervisor.
- Preserve relevant evidence and records.
- Complete the incident report promptly.
- Cooperate with investigation and follow-up.
Document objective facts
- Who was involved.
- What occurred.
- When and where it happened.
- Observed injuries or effects.
- Immediate actions taken.
- People notified.
Do not place the incident report itself in the patient’s
medical record. Document the patient’s clinical condition and
care in the medical record.
Immediate action
- Wash needlestick or skin exposure with soap and water.
- Flush eyes, nose, or mouth with water.
- Notify the supervisor immediately.
- Obtain urgent medical evaluation.
- Complete exposure and incident documentation.
- Follow testing, treatment, and follow-up instructions.
Do not delay medical evaluation while waiting for paperwork or
leadership approval.
Staff response
- Listen without interrupting or becoming defensive.
- Document the patient’s concern accurately.
- Explain the next step and expected follow-up.
- Escalate clinical, privacy, discrimination, or safety issues.
- Do not promise a specific outcome before review.
- Document resolution and communication.
The goal is not only to close the complaint but to determine
whether a workflow, training, or safety improvement is needed.
Common required topics
- HIPAA privacy and security.
- OSHA and bloodborne pathogens.
- Infection prevention and PPE.
- Emergency response and fire safety.
- Workplace violence and harassment prevention.
- Fraud, waste, abuse, and code of conduct.
- Role-specific clinical competencies.
Training completion should include the topic, date, employee,
trainer or source, and evidence of completion.
Maintain as applicable
- Emergency and evacuation binder.
- Suicide-safety and crisis resources.
- Vaccine Information Statements.
- CLIA and point-of-care testing binder.
- Quality-control logs.
- Equipment maintenance records.
- Safety Data Sheets.
- Downtime forms and procedures.
- Exposure-control plan.
Review binders routinely to remove expired forms, update
contacts, and confirm staff know where each resource is kept.
No matching compliance resource found.
Try a broader term such as “audit,” “HIPAA,” “CLIA,” “incident,” “safety,” or “training.”

