The HIPAA Security Rule must be followed by every covered entity that handles electronic protected health information (PHI). It applies to health plans, health care clearinghouses, any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA, and to their business associates. These organizations are responsible for safeguarding all protected health information and for demonstrating that they do so through a carefully crafted HIPAA compliance plan that incorporates the HIPAA Security Standards and designates a HIPAA security officer, as the Security Rule requires. HIPAA Associates offers a HIPAA Security Policies and Procedures Template to help you complete your HIPAA Compliance Plan.

HIPAA Security

The Security Rule was adopted to implement provisions of the Health Insurance Portability and Accountability Act (HIPAA). It sets the standards for ensuring that only those who should have access to electronic protected health information (EPHI) actually have it. The Security Rule requires covered entities to have appropriate administrative, physical, and technical safeguards in place and to implement those safeguards reasonably. In addition, to be fully prepared, an entity must perform a full Security Risk Analysis to assess the health and security of its HIPAA program. An organization that is just getting started with its HIPAA plan may consider a HIPAA Gap Analysis, which gives an overview of risk factors. For more information on implementing the Security Rule, please visit our resource pages.

HIPAA Security Policy Templates

Our HIPAA Security Policies cover all of the important issues that affect a covered entity or a business associate.

The following are the topics covered by our template policies, which are ready to implement in any HIPAA Compliance program.

Topics Covered

  • History of Security Rule
  • General Overview
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Organizational Policies and Procedures and Documentation Requirements
  • Security Rule Requirements for Risk Analysis and Risk Management

HIPAA Security Policies

Administrative Safeguards

Security Management Process

  • Risk Analysis
  • Risk Management
  • Sanction Policy
  • Information System Activity Review

Assigned Security Responsibility

Workforce Security

  • Authorization and/or Supervision
  • Workforce Clearance Procedure
  • Termination Procedure

Information Access Management

  • Access Authorization
  • Access Establishment and Modification

Security Awareness and Training

  • Security Reminders
  • Protection from Malicious Software
  • Log-in Monitoring
  • Password Management

Security Incident Procedures

  • Response and Reporting

Contingency Plan

  • Data Backup Plan
  • Disaster Recovery Plan
  • Emergency Mode Operation Plan
  • Testing and Revision Procedures
  • Applications and Data Criticality Analysis

Technical & Non-technical Evaluation

Business Associate Contracts and Other Arrangements

  • Written Contract or Other Arrangements

Physical Safeguards

Facility Access Controls

  • Contingency Operations
  • Facility Security Plan
  • Access Control and Validation Records
  • Maintenance Records

Workstation Use

Workstation Security

Device and Media Controls

  • Disposal
  • Media Re-use
  • Accountability
  • Data Backup & Storage

Technical Safeguards

Access Control

  • Unique User Identification
  • Emergency Access Procedure
  • Automatic Logoff
  • Encryption and Decryption

Audit Controls

Integrity

  • Mechanism to Authenticate Electronic Protected Health Information

Person or Entity Authentication

Transmission Security

  • Integrity Controls
  • Encryption

HIPAA Security Policy Template

We offer a HIPAA Security Policy Template that will help you prepare for Security Rule compliance. The policies are easily modified for immediate use. They cover all the policies and procedures necessary to be compliant with the Privacy Rule and HITECH regulations.

HIPAA Associates Will Help

Our professionals will assist you with all of these important policies and procedures. HIPAA Associates develops and consults on HIPAA compliance plans that include HIPAA privacy and security policies and procedures and breach reporting requirements in compliance with the HIPAA Rules. Of great importance to your organization, HIPAA Associates is always available to assist you when questions arise regarding the HIPAA Rules. HIPAA consulting is the main focus of our organization. We would be happy to discuss how we can help with your program.

Frequently Asked Questions:

HIPAA Security Compliance

Do we need a HIPAA Compliance Plan?

Any covered entity that handles protected health information (PHI) must be prepared to protect that information. This is done by creating and implementing a HIPAA compliance plan with policies and procedures to safeguard PHI. The plan outlines the steps you will have to take in the event of a breach and ensures that all workforce members are properly trained on how to handle PHI in all its forms.

HIPAA Associates is prepared to create the perfect compliance plan for your organization that has all the necessary policies, procedures and training you will need to keep your PHI safe.

Appoint a Security Officer

A HIPAA Security Officer, once appointed, oversees the HIPAA Security program. The officer is responsible for oversight of the program and for tracking, investigating, resolving and documenting all privacy and security complaints and the investigative steps taken. The officer also ensures there is no retaliation against any workforce member or other individual for reporting a PHI breach or filing a HIPAA complaint.

Implement a Training Plan

The program must implement a training plan that trains workforce members on the requirements and policies that apply to their individual roles. All workforce members must be trained on HIPAA and on the policies and procedures upon employment and on a regular basis thereafter. The OCR does not accept the term “Certification,” but rather wants to confirm that all personnel have received appropriate training.
