HIPAA Compliance Template for 3rd Party Administrators

Eagle’s policy template helps you increase security, gain compliance, and avoid fines.

HIPAA Policies and Procedures Designed for Health Insurance Brokers

Eagle’s HIPAA policies for health insurance brokers are designed to meet the regulatory requirements of brokers who sell medical, dental, and vision policies. As agents for health insurance companies, brokers are HIPAA Business Associates and are regulated by HIPAA. Brokers must have detailed, written HIPAA policies and procedures. These policies comply with the latest requirements, including the HITECH Act of 2009, the Breach Notification Rule, and the 2013 HIPAA Omnibus Rule. Version 2.0 of these policies was released in June 2020 and was fully updated for cloud technology trends and the employee work-at-home trends resulting from COVID-19.

HIPAA regulates fully-insured and self-insured group and individual health benefit plans covering medical, dental, and/or vision; health savings accounts; flexible spending accounts; and other types of plans. Brokers involved with any of these types of plans are HIPAA Business Associates of the plan and must comply with the HIPAA regulations.

Benefits of Using These Policy Templates Include:

  • Satisfy health insurance company requirements and breeze through their audits
  • Policies are organized by audience to simplify staff training
  • Quickly bring your technology into compliance with the HIPAA rules as they apply to brokers
  • Save $1000’s in consulting fees
  • Customize the policies in Microsoft Word to the unique requirements of your business
  • Satisfaction is guaranteed by Eagle Consulting Partners, a leading consultant on the HIPAA regulations

HIPAA Policy Template for Third Party Administrators

Your comprehensive policy and procedure manual, designed for third party administrators’ compliance with the 2013 HIPAA regulations, in Microsoft Word format.

Avoid HIPAA Penalties

Your organization is subject to both civil and criminal penalties for non-compliance. That’s right. Penalties ranging into millions of dollars can be assessed, which makes HIPAA one of the toughest sets of government regulations. The 4-tier penalty structure is as follows (see the complete federal regulations):

  • Did not know and, by exercising reasonable diligence, would not have known of the violation: $100 to $50,000 per violation; up to $1,500,000 per identical violation per year.
  • Violation due to reasonable cause and not willful neglect: $1,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
  • Violation due to willful neglect, corrected within 30 days after the covered entity knew or should have known of the violation: mandatory fine of $10,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
  • Violation due to willful neglect, not corrected within 30 days after the covered entity knew or should have known of the violation: mandatory fine of not less than $50,000 per violation; up to $1,500,000 per identical violation per year.

SAVE 20% ($100) – type in this code at checkout: Save-20

Contents Include:

1000 Confidentiality, Privacy and Computer Security Definitions
1010 HIPAA – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1035 Prohibitions on use of Genetic Information and Sale of PHI
1040 Speaking with the Family and Friends of a Participant
1050 Authorizations
1060 Verification
1065 Employee Work at Home
1070 Minors, Personal Representatives and Deceased Participants
1080 Duty to Report Violations and Security Incidents
1090 Disclosures that do Not Require an Authorization

1200 Participant’s Right to Access Records
1210 Participant’s Right to Request Amendment of Records
1220 Participant’s Right to Receive an Accounting of Disclosures
1230 Participant’s Right to Request Additional Restrictions
1240 Participant’s Right to Request Confidential Communications

1300 Mitigation
1340 Privacy Complaints

1350 Policy Updating and Staff Training
1360 Sanctions for Staff Violations of Privacy/Security Policies
1370 Business Associate Agreements and Vendor Management
1380 HIPAA Assignments and Documentation

1500 Employee Background Checks

2000 HIPAA Security Officer and Security Management Process
2010 Data Backup Policy
2020 Disaster Recovery and Emergency Mode Operation Plans
2030 Facility Security and Access Control
2040 Periodic Security Evaluation and/or Third-Party Audits
2050 Audit Control and Activity Review Policy
2060 Malicious Software Protection Policy
2070 Security Awareness Program
2080 Device and Media Disposal and Re-Use
2085 Encryption and Key Management
2087 User Account Management
2088 Privileged Account Management
2090 Technical Safeguards
2092 Technical Controls for Mobile Devices
2095 Change Management
2100 Breach Reporting

3010 Employee System Access and Termination Procedures

3080 Computer Usage
3082 Use of Social Media
3085 Computing Devices and Workstations – Company-owned and BYOD
3090 Security Incident Response and Reporting

Appendix A – Identifying Business Associates
Appendix B – Sample HIPAA BAA – For Use with Subcontractors
Appendix B2 – Sample HIPAA BAA – For Use with Customers
Appendix C – Sample Privacy & Security Officer Duties
Appendix D – Facility Security and Safeguards for Oral and Written PHI
Appendix E – Workforce Access to PHI and Safeguards
Appendix F – Minimum Necessary – Procedures for Routine Disclosures and Requests
Appendix G – Miscellaneous
  Authorization Form
  Disclosure Log
  Participant Privacy Instructions
  Confidentiality Agreement for Cleaning Agency
  Employee-Owned Device Agreement
  Company-Owned Device Agreement
  Employee Acknowledgement of HIPAA Policies and Procedures

Gary Pritts, President of Eagle Consulting Partners, Inc.

About the Author: Gary Pritts is Founder and President of Eagle Consulting Partners. The experience behind these popular HIPAA policy templates includes a special focus on designing policies for their audience. Gary understands brokers as a result of on-site consulting with multiple brokerage agencies. His in-depth understanding of the HIPAA rules, of health insurers’ requirements for their brokers, of ERISA and state regulations, and his general business experience allowed him to create these policy templates. Gary’s extensive experience as a consultant to brokers, insurance plans, TPAs, and a wide spectrum of other HIPAA-regulated entities over the last 20 years uniquely qualifies him to create these policies. He also understands the business aspects of the agency: he holds an MBA from Harvard. All of these experiences have come together to produce a set of unique policy templates that cover the unique processes of brokers, gleaned first hand in the trenches.

Limited Time Special: Save 20% ($100) at checkout by typing in this code: Save-20

Eagle Consulting offers custom HIPAA and GDPR policy templates

Protect your organization!

Only Eagle brings decades of healthcare experience for health insurance brokers!