Eagle policies help DD in Ohio get in compliance quickly.

Eagle policies help DD Boards in Ohio get in compliance quickly.

Ohio DD Boards are subject to multiple regulations regarding privacy, confidentiality, computer security and individual’s access to their records.  These regulations include the Federal HIPAA regulations, the Federal FERPA and IDEA regulations, Ohio Revised Code and Ohio Administrative Code.  

Eagle Consulting Partners, who has served over 60 of Ohio’s County Boards over the last 20 years,  offers a comprehensive set of policies so that County DD Boards can comply with all of these regulations.



SAVE 20% ($100) – type in this code at checkout: Save-20


Eagle continually updates these policies based on changes that affect Ohio DD Boards.  These policies were most recently updated in January 2021. This version includes the following updates:


  • COVID-19 related updates with policies and technical controls for employees working from home and the use of video conferencing
  • New procedures for security risk management, for full compliance with the OCR 2016 audit protocol
  • Updates based on changes to ORC and OAC relating to confidentiality
  • Comprehensive new mobile device management policies, including employee BYOD agreements
  • Password policy changes based on the 2017 release of NIST SP 800-63B
  • Optional Data Governance policy, for larger boards, to address distributed responsibilities for information systems
  • Updates to social media policy to address evolving social media platforms
  • Numerous updates throughout for improved clarity and consistency in terminology


The FERPA regulations, which stands for Family Educational Rights and Privacy Act of 1974, were signed into law by President Ford on August 21, 1974.   This law governs the schools operated by DD boards as well as any other program of DD Boards that receives funds from the Federal Department of Education.  The act has been amended 9 times since then.  These regulations govern confidentiality with rules similar to HIPAA, but with a number of key differences.  These policy templates have been updated for full compliance with the most recent FERPA regulations, which were changed by the Department of Education in 2012.


In 1975, Education for All Handicapped Children Act was passed.  An update to this law in 1990 changed the name to the Individuals with Disabilities Education Act (IDEA) and governs the rights of parents and students with disabilities from ages 0 to 21 (age 18 in Ohio which is our age of legal majority).  These regulations largely mirror the requirements of FERPA with some differences, notably the inclusion of Early Intervention programs.  The Eagle policies provide full compliance with the confidentiality and rights of access provisions in the IDEA Regulations.



Get in compliance quickly with Eagle!

Get in compliance quickly with Eagle!

Eagle’s comprehensive policy and procedure templates speed the process of achieving HIPAA Privacy and Security Compliance. The policy templates are 99 pages in length and are delivered in Microsoft Word format. Appendices which include a customizable Notice of Privacy Practices, Sample Business Associate Agreement and various employee agreements.


Perpetual license is granted to the user to use and modify the policies for a single DD Board. Policies may be used in hardcopy format, or electronically. When used online, all staff have immediate access. On-line citations and references are included with full hyperlink functionality to allow quick access to the relevant HIPAA regulation and/or various reference materials.


Boards wishing to purchase via Purchase Order may call; we will send you the policy templates after receipt of your PO.


SAVE 20% ($100) – type in this code at checkout:  Save-20


The following policies are included:


1000 Confidentiality, Privacy and Computer Security Definitions
1010 Confidentiality – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1040 Speaking with the Family and Friends of an Individual Receiving Services
1050 Authorizations
1060 Verification
1070 Minors, Personal Representatives and Deceased Individuals
1080 Duty to Report Violations and Security Incidents
1090 Disclosures that do not Require an Authorization


1200 Individual’s Right to Access Records
1210 Individual’s Right to Request Amendment of Records
1220 Individual’s Right to Receive an Accounting of Disclosures
1230 Individual’s Right to Request Additional Restrictions
1240 Individual’s Right to Request Confidential Communications
1250 Individual’s Right to Notice of Privacy Practices


1300 Business Associate Contracts
1320 Non-intimidation and Non-retaliation
1330 HIPAA Assignments and Documentation
1340 Privacy Complaints
1350 Policy Updating and Staff Training


Eagle Guarantees its HIPAA Policy TemplatesHIPAA SECURITY POLICIES
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery Plan and Emergency Mode Operation
3015 Facility Security and Access Control
3020 Annual Security Evaluation
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3035 Breach Reporting
3040 Security Awareness Program
3050 Device and Media Disposal and Re-Use
3060 Technical Safeguards
3062 Technical Controls for Mobile Devices
3065 Mitigation
3070 Electronic Signatures


3075 Employee System Access and Termination Procedures


3080 Computer Usage
3082 Social Media Use
3085 Portable Computing Devices
3087 Employee Work at Home
3090 Security Incident Response and Reporting


Appendix A:  Identifying Business Associates
Appendix B: Sample HIPAA Business Associate Agreement
Appendix B2: Sample Service Provider Agreement
Appendix C: Sample Privacy & Security Officer Job Descriptions
Appendix D: Facility Security and Access Plans
Appendix E: Minimum Necessary – Workforce, Disclosures and Requests


  • Workforce Access to PHI and Safeguards
  • Procedures for Routine Disclosures of PHI
  • Procedures for Routine Requests of PHI


Appendix F: Miscellaneous


Authorization Form
Notice of Privacy Practices
Employee-Owned Mobile Device Agreement
Agency-Owned Mobile Device Agreement
Disclosure Log
Acknowledgement of Confidentiality and Computer Security Policies and Procedures




Eagle Consulting offers custom HIPAA and GDPR policy templates

Purchase now:

Protect your organization!

Eagle Consulting offers custom HIPAA and GDPR policy templates

Only Eagle brings decades of healthcare experience to a strong GDPR policy that ALSO covers HIPAA regulations!

DD Board White Paper

Want a copy of this informative guide on keeping your Board secure?  Enter your email below:


Pin It on Pinterest