HIPAA Privacy Rule

All covered entity organizations that handle protected health information (PHI) must follow the HIPAA Privacy Rule. Under HIPAA, PHI is individually identifiable health information that is used, maintained, stored or transmitted by a HIPAA covered entity. It is the responsibility of these organizations to safeguard all protected health information and demonstrate this through carefully crafted HIPAA Policies. The covered entity could be a healthcare provider, health plan, health insurer or healthcare clearinghouse. No matter what your circumstances, HIPAA Associates is here to assist with your HIPAA Policies & Procedures.

State Regulations

Privacy laws vary from state to state and must be considered every time HIPAA Policies are created or modified. For example, in the State of Ohio there are certain regulations that are more stringent than the Privacy Rule. An organization must be prepared for these state-to-state variations in the HIPAA rules. It is important that you obtain expert help when creating your HIPAA Policies & Procedures so that they include the appropriate state regulations.




Creating a HIPAA Compliance Plan

To begin with, covered entities must create plans that include HIPAA Policies & Procedures that help safeguard the Protected Health Information (PHI) which the organization handles. This includes all forms of PHI, such as written, verbal and electronic. As a result of the Privacy Rule requirements, they will have to protect the confidentiality, integrity, and availability of PHI and electronic PHI (e-PHI). To be fully prepared, an entity must also perform a full Security Risk Analysis to assess the health and security of its HIPAA program. HIPAA Associates is here to offer assistance with your HIPAA Policies to create a safe environment for your organization.


How We Can Help?


HIPAA Policies and Procedures

HIPAA Policies and Procedures must be implemented to ensure compliance with the HIPAA Rules. Accordingly, these give individuals rights over their PHI and responsibilities to covered entities. The HIPAA Policies implement appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI. HIPAA Policies & Procedures are the key feature of our services. We are here to help your organization.

Implementing a Training Plan

The program must implement a training plan that trains workforce members on the requirements and HIPAA Policies that apply to them in their individual roles. The training program must train all workforce members on HIPAA and the Policies and Procedures upon employment and on a regular basis thereafter. It is important to recognize that the OCR does not accept the term “Certification,” but rather wants organizations to confirm that all personnel have received appropriate training on the Privacy Rule.

Appoint a Privacy Officer

Privacy and Security Officers must be appointed through the HIPAA Policies to oversee the HIPAA program. They are responsible for oversight of the program and for tracking, investigating, resolving and documenting all privacy and security complaints and investigative steps taken. They ensure there is no retaliation against any workforce member or other individual for reporting a PHI breach or filing a HIPAA complaint.

Business Associate Agreements

A covered entity must enter into a Business Associate Agreement with each organization or vendor that accesses, uses or discloses PHI on behalf of the organization. This will ensure the Business Associate uses appropriate safeguards to protect the PHI in the same manner that the covered entity must. It is essential that every covered entity create Business Associate Agreements with any entity that handles PHI on its behalf.

Prime examples of Business Associates would include accounting, billing, legal, risk management and IT services. Accordingly, we will help you identify business associates and provide business associate agreements.


HIPAA Policies hold providers and workforce members accountable for protecting PHI. Naturally, this occurs through the organization's HIPAA Policies & Procedures. In addition, the HIPAA Policies outline the consequences of a PHI breach or any violation of the policies in the compliance plan. Having a plan in place will help mitigate any breaches of PHI that might occur in the future. Finally, HIPAA Policies & Procedures also ensure that all workforce members, including employees, physicians, volunteers and trainees, are properly trained on how to handle PHI in all of its forms.

Download our HIPAA Compliance Checklist

HIPAA Associates presents their HIPAA Compliance Checklist for 2021. We believe this will give you a good start on creating your HIPAA Policies & Procedures.


HIPAA Associates Will Assist Your Practice

Our professionals are prepared to assist you with all of these important policies and procedures. HIPAA Associates offers HIPAA Policies that include HIPAA privacy and HIPAA security. This includes all security policies and procedures and breach reporting requirements in compliance with the HIPAA Rules. Of great importance, HIPAA Associates is always available to assist you when questions arise regarding the HIPAA Rule. HIPAA Consulting is the main focus of our organization. We would be happy to discuss with you how we can help with your program.

HIPAA Policies

Policies for Organization

Our HIPAA Policies consist of Privacy Policies, Security Policies and HIPAA Training for your staff. We will help you be fully prepared for the HIPAA Privacy Rule.

Contact us for your HIPAA Compliance Plan


HIPAA Privacy Policies

Privacy Policy Template

Our Privacy Policy Template is ready for purchase by the organization. This is easily modifiable for immediate use. It covers all the HIPAA Privacy Policies & Procedures to be compliant with the Privacy Rule & HITECH Regulations.


HIPAA Security Policies

Security Policies for organization

We offer Security Policies that will help you prepare for Security Rule compliance. These are ready for you to implement with your organization.


Customized HIPAA Policies


We specialize in fully customized HIPAA Policies created specifically for your organization. We consider all the key features of your covered entity and its specific requirements and create your HIPAA Policies & Procedures in close consultation with your Privacy and Security Officer.


HIPAA Consulting

We provide HIPAA consulting and advise on individual issues related to HIPAA privacy, security and breach notification. Above all, HIPAA Associates has the knowledge and breadth of experience to assess your unique situation and needs and to craft the plan that you need for the ultimate protection of PHI and the organization. Consequently, we can help protect your organization from issues that may otherwise bring involvement by the Office for Civil Rights.

Privacy Complaint Response

We will assist with response to HIPAA complaints and investigate any privacy or security matter on your behalf whether from a patient, another individual or the Office for Civil Rights. We have extensive experience in responding to Office for Civil Rights investigative letters and working with them to resolve complaints.

HIPAA Breach Reporting

HIPAA Data Breaches

Breach Notification

HIPAA Associates works with clients on the breach analysis to determine if they are dealing with a breach of unsecured PHI. For incidents that are reportable breaches there are steps and deadlines that one must follow for compliant reporting to the individual and to the Office for Civil Rights. Furthermore, we will assist you throughout the process from start to finish on all aspects including mitigation of damages, creating a corrective action plan, drafting notice letters and reporting to the OCR.




First of all, it is important to follow all necessary steps to report a breach successfully to the OCR. Breaches vary depending on the facts and circumstances. We have the experience to know what information to include in a breach notification letter and in the report to the OCR. Additionally, we will guide you through the additional steps that must take place for large breaches that affect 500 or more individuals. HIPAA Associates manages breach analysis, notification to the individual(s) affected, mitigation of damages, retraining and reporting to the Office for Civil Rights. HIPAA Breach Reporting is a key feature of our service.

Breach Notification Assistance

Frequently Asked Questions:

Do we need a HIPAA Compliance Plan?

Any covered entity that handles protected health information (PHI) must be prepared to protect that information. This is done by creating and implementing a HIPAA compliance plan with policies and procedures to safeguard PHI. The plan must outline the steps you will have to take in the event of a breach.

The plan will ensure that all workforce members are properly trained on how to handle PHI in all its forms.

HIPAA Associates is prepared to create the perfect compliance plan for your organization that has all the necessary policies, procedures and training you will need to keep your PHI safe.


How do I handle a breach?

It is important to follow all the steps to report a breach to the OCR. Every breach is different and must be handled on a case-by-case basis. A full breach analysis must be performed to determine if there was an impermissible use or disclosure that compromises the security of protected health information. Factors to be resolved are:

1. The nature and extent of the breach including identifiers
2. The unauthorized person to whom disclosure is made
3. Whether the PHI was acquired or viewed
4. The extent to which the risk to PHI has been mitigated.

HIPAA Associates can help your organization through this process to ensure you follow all the important steps.


How to create a Compliance Plan

  • Implement Policies & Standards

Policies and procedures help establish the rules your organization will need to carry out the requirements of federal health care program guidelines.

  • Designate a Compliance Officer

The compliance officer will be responsible for operating and monitoring the compliance program.

  • Conduct an effective training program

All personnel should receive training on fraud & abuse laws as well as the compliance program.

  • Develop effective lines of communication

Employees must have avenues available for reporting concerns internally. Anonymous reporting must be available.

  • Conduct internal monitoring and auditing

A good program will have an ongoing process to evaluate and assess the organization for inappropriate behavior.

  • Enforce standards of conduct with guidelines

An organization must have well-published standards of conduct. The plan should clearly state the implications and penalties of violating the standards.

  • Respond promptly to violations and take corrective action

An organization must ensure timely and effective remedial action for offenses.