Your customers are demanding robust HIPAA compliance. These policy templates are designed specifically to help healthcare cloud computing vendors respond to their customers’ security questionnaires.
Cloud Software Vendors with a software-as-a-service business model servicing the healthcare and insurance markets — which store their customers’ HIPAA Protected Health Information — are Business Associates under the HIPAA rules. These policy templates are designed specifically for cloud computing vendors – which includes companies operating electronic health records, revenue cycle, claim processing, online backup, or any other cloud-based service which maintains customer PHI (protected health information). Version 2.0 was released in April 2020 and was fully updated based on the latest technology trends and COVID-19 safeguards, such as a strong work-at-home policy.
Finally, there is an affordable solution to the need for HIPAA policies — comprehensive templates created specifically for cloud computing vendors. Cloud vendors need policies for business processes including software development, change management, help desk operations, data encryption and business associate contracting. All of these are addressed in these policies. These policies specifically address the shared security model, which appropriately assigns responsibilities between the cloud host (e.g. AWS, Azure, GCP), the cloud software vendor, and the customer.
If you think that AWS, Azure or GCP’s HIPAA compliance certifications free you from the obligation to maintain written policies and procedures — think again!
Eagle Consulting’s HIPAA policy templates for Business Associates will save you thousands of dollars in consulting fees…
- Increase sales with the strong HIPAA compliance demanded by customers.
- Improve your response to customer audits and increase customer retention.
- Reduce anxiety through compliance with the HIPAA laws and your HIPAA Business Associate agreements.
- Easily tailor policies to your business by editing using Microsoft Word.
- Reduce the risk of a financially devastating data breach by using best practices, detailed in these policies, to secure and protect customer data.
- Avoid potentially massive fines from HHS and/or State Attorneys General.
Satisfaction Guaranteed by Eagle Consulting Partners, a leading consultant for IT security policies for HIPAA.
For years, many cloud vendors have been non-compliant with the HIPAA Business Associate Agreements due to a lack of adequate written policies. Since September of 2013, cloud vendors have been directly regulated by the HIPAA regulations. Those without comprehensive policies are at risk of fines from both the Federal Department of Health and Human Services and their state Attorney General. Random federal audits of Business Associates began in 2016 and the first HIPAA penalties were levied on a HIPAA Business Associate in 2016. So, cloud vendors who invest in compliance will protect themselves from this risk.
This download is a comprehensive policy and procedure manual, specifically designed for cloud vendors, in Microsoft Word format, designed to help achieve compliance with the latest HIPAA/HITECH regulations including the 2013 HIPAA Omnibus Rule. Policies can be customized as necessary.
What fines are levied for non-compliance? HHS and state attorneys general may now impose substantial fines against Business Associates who do not comply with HIPAA/HITECH. Fines can be millions of dollars, not to mention the reputation damage that results from the negative publicity — which can lead to loss of customers, reduced sales or even business failure.
HIPAA POLICIES FOR ALL STAFF
1000 Definitions for HIPAA Regulations and HIPAA Policies
1010 Confidentiality and Security – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1050 Computer Usage
1060 Computing Devices and Workstations – Company-owned and BYOD
1070 Employee Work at Home
1080 Duty to Report Violations and Security Incidents
POLICIES FOR ADMINISTRATIVE MANAGEMENT
1500 Employee/Contractor Recruiting and Termination
1600 Disclosures Required by Law
POLICIES FOR TECHNICAL STAFF (an Eagle exclusive)
2000 Technical Support Procedures
2010 Software Development Procedures
2020 Source Code Management
2030 Intellectual Property
2040 Authentication, Passwords and Encryption Keys
POLICIES FOR EXECUTIVE MANAGEMENT AND SECURITY OFFICER
2900 HIPAA Officer Appointment and HIPAA Documentation
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery and Emergency Mode Operation Plans
3015 Facility Security and Access Control
3020 Periodic Security Evaluation and/or Third-Party Audits
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3033 Change Management
3035 Breach Reporting
3040 HIPAA Policy and Security Awareness Program
3050 Device and Media Disposal and Re-Use
3060 Technical Safeguards
3062 Technical Controls for Mobile Devices
3070 Business Associate Agreements and Vendor Management
3075 Employee System Access
3080 Employee Sanctions
3090 Security Incident Response and Reporting
3095 Supporting Patients with their HIPAA Rights
Appendix A: Identifying Business Associates
Appendix B: Sample HIPAA BAA – For Use with Subcontractors
Appendix B2: Sample HIPAA BAA – For Use with Customers
Appendix C: Facility Security and Access Plan
Appendix D: Workforce Access to PHI and Safeguards
Appendix E: Miscellaneous
Appendix F: Disaster Recovery Plan
Healthcare Cloud Vendor Disclosure Log
Employee-Owned Device Agreement
Company-Owned Device Agreement
Limited Time Special… Save 20% ($100) at Checkout… type in this code: Save-20
Protect your organization!
Eagle brings 2 decades of HIPAA experience and a deep understanding of cloud software vendors to help you achieve appropriate HIPAA compliance!