HEALTHCARE PATIENT PORTAL ACCESS CHECKLIST: SECURITY & USABILITY
Created by ChecklistGuro (https://checklistguro.com)

--- PATIENT IDENTITY VERIFICATION ---
[ ] Patient First Name
[ ] Patient Last Name
[ ] Date of Birth (Year)
[ ] Date of Birth (Month)
[ ] Date of Birth (Day)
[ ] Gender (Male, Female, Other, Prefer not to say)
[ ] Photo ID (e.g., Driver's License)
[ ] Verification Method (In-person verification, Remote video verification, Knowledge-based authentication)

--- AUTHENTICATION METHODS ---
[ ] Primary Authentication Method (Username/Password, Multi-Factor Authentication (MFA), Biometric Authentication)
[ ] MFA Type (if applicable) (SMS OTP, Authenticator App, Email OTP, Hardware Token)
[ ] Minimum Password Length
[ ] Password Complexity Requirements (Uppercase Letter, Lowercase Letter, Number, Special Character)
[ ] Last Password Policy Review Date
[ ] Password Reset Procedure Documentation Link

--- ACCESS CONTROL PERMISSIONS ---
[ ] Patient Role Assignment (Patient, Caregiver, Authorized Representative)
[ ] Allowed Data Access (Appointment Scheduling, Lab Results, Medication List, Medical Records, Billing Information)
[ ] Appointment Scheduling Permissions (View Only, Request Changes, Full Scheduling Access)
[ ] Maximum Number of Caregivers
[ ] Record Sharing Scope (Patient Only, Caregiver, Authorized Representative)

--- DATA ENCRYPTION & SECURITY ---
[ ] Encryption Method Used (e.g., TLS 1.3, AES-256) (TLS 1.2, TLS 1.3, AES-256, Other (Specify in Long Text))
[ ] Encryption Key Rotation Frequency (days)
[ ] Data Encryption at Rest? (Yes, No, Partial (Specify in Long Text))
[ ] Description of Encryption Protocol Implementation
[ ] Certificate Validation Status (Valid, Expired, Revoked)
[ ] Last Encryption Audit Date

--- PORTAL USABILITY & ACCESSIBILITY ---
[ ] Navigation Clarity (Very Clear, Clear, Somewhat Clear, Unclear)
[ ] Font Size Appropriateness (Excellent, Good, Needs Adjustment, Unreadable)
[ ] Average Page Load Time (seconds)
[ ] Accessibility Features Used (Select all that apply) (Screen Reader Compatibility, Keyboard Navigation, Alternative Text for Images, Color Contrast Options)
[ ] Overall Ease of Use (Extremely Easy, Easy, Neutral, Difficult, Very Difficult)

--- PATIENT PRIVACY & CONSENT ---
[ ] Has the patient received a copy of the Privacy Notice? (Yes, No, N/A)
[ ] Brief summary of Privacy Notice explanation provided to patient.
[ ] Does the patient understand how their data will be shared? (Yes, No, Unsure)
[ ] Patient Signature (acknowledging Privacy Notice and consent)
[ ] Date of Consent/Acknowledgement
[ ] Which data sharing categories has the patient consented to? (Treatment Communication, Payment Processing, Research (optional), Care Coordination)

--- AUDIT LOGGING & MONITORING ---
[ ] Number of Audit Log Entries Reviewed
[ ] Summary of Log Review Findings
[ ] Severity of Identified Issues (if any) (None, Low, Medium, High)
[ ] Date of Last Log Review
[ ] Time of Last Log Review
[ ] Audit Log Events Monitored (Login Attempts, Data Access, Record Updates, Password Changes, Portal Configuration Changes)
[ ] Number of Alerts Generated in Last Period

--- DEVICE SECURITY & COMPLIANCE ---
[ ] Device Operating System (Windows, macOS, Android, iOS, Other)
[ ] Device Encryption Status (0 = Not Encrypted, 1 = Encrypted)
[ ] Security Software Installed (Antivirus, Firewall, Mobile Device Management (MDM), Endpoint Detection and Response (EDR))
[ ] Device Compliance Status (Compliant, Non-Compliant, Pending Review)
[ ] Last Security Scan Date
[ ] Notes / Comments on Device Security

--- TRAINING & DOCUMENTATION ---
[ ] Last Training Completion Date
[ ] Training Module Covered (Portal Security Awareness, Patient Privacy & HIPAA, Usability & Navigation, New Feature Updates)
[ ] Number of Staff Trained
[ ] Summary of Training Content
[ ] Attach Training Certificates/Records
[ ] Trainer Qualification (Certified Healthcare Professional, Designated Security Officer, External Training Provider)

--- REGULAR SECURITY ASSESSMENTS ---
[ ] Last Vulnerability Scan Date
[ ] Vulnerability Scan Score (e.g., CVSS)
[ ] Scanning Tool Used (Nessus, Qualys, Rapid7, Other)
[ ] Scan Report (PDF/CSV)
[ ] Next Penetration Test Scheduled
[ ] Summary of Findings and Remediation Plan

--- END OF TEMPLATE ---