HIPAA Security Policies Template Suite

The final HIPAA Security rule published on February 20, 2003 requires that healthcare organizations create policies and procedures to apply the security requirements of the law - and then train their employees on the use of these policies and procedures in their day-to-day jobs.

HIPAA rule has very specific requirements with regard to creating, implementing, or changing Policies and Procedures. "Standard: Policies and Procedures -- A covered entity must implement policies and procedures with respect to protected health information that are designed to comply with the standards, implementation specifications, or other requirements of this subpart. The policies and procedures must be reasonably designed, taking into account the size of and the type of activities that relate to protected health information undertaken by the covered entity, to ensure such compliance. This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirement of this subpart."

We have developed 68 HIPAA security policies which include 57 security policies & procedures required by HIPAA Security regulation and additional 11 policies, checklist and forms as supplemental documents to the required policies. These policies meet the challenges of creating enterprise-wide security policies. The suite addresses all major components of the HIPAA Security Rule and each policy can be adopted or customized based on your organization's needs.

I. Policies on the Standards for Administrative Safeguards

Breach Notification Policy
Security Management Process
Risk Analysis
Risk Management
Sanction Policy
Information System Activity Review
Assigned Security Responsibility
Workforce Security
Authorization and/or Supervision
Workforce Clearance Procedure
Termination Procedures
Information Access Management
Access Authorization
Access Establishment and Modification
Security Awareness & Training
Security Reminders
Protection from Malicious Software
Log-in Monitoring
Password Management
Security Incident Procedures
Response and Reporting
Contingency Plan
Data Backup Plan
Disaster Recovery Plan
Emergency Mode Operation Plan
Testing and Revision Procedure
Applications and Data Criticality Analysis
Evaluation
Business Associate Contracts and Other Arrangements

II. Policies on the Standards for Physical Safeguards

Facility Access Controls
Contingency Operations
Facility Security Plan
Access Control and Validation Procedures
Maintenance Records
Workstation Use
Workstation Security
Device and Media Controls
Disposal
Media Re-use
Accountability
Data Backup and Storage

III. Policies on the Standards for Technical Safeguards

Access Control
Unique User Identification
Emergency Access Procedure
Automatic Logoff
Encryption and Decryption
Audit Controls
Integrity
Mechanism to Authenticate Electronic Protected Health Information
Person or Entity Authentication
Transmission Security
Integrity Controls
Encryption

IV. Organizational Requirements

Policies and Procedures
Documentation
Isolating Healthcare Clearinghouse Function
Group Health Plan Requirements

V. Supplemental Policies for Required HIPAA Policies

Wireless Security Policy
Email Security Policy
Analog Line Policy
Dial-in Access Policy
Automatically Forwarded Email Policy
Remote Access Policy
Ethics Policy
VPN Security Policy
Extranet Policy
Internet DMZ Equipment Policy
Network Security Policy

Total cost: $495 Buy Now (Opens in New Window)

All the templates come in Microsoft Word/excel files so you can add, change and delete content as required to complete your HIPAA Security policies. If you have any questions, or if you wish to see samples from suite, please feel free to contact us at Bob@hipaacompliancesoftware.net or call on (515) 865-4591.