Business Associates HIPAA

Your customers are demanding robust HIPAA compliance. These policy templates are designed specifically for healthcare cloud computing vendors to comply with your customers' security questionnaires.

Cloud Software Vendors with a software-as-a-service business model servicing the healthcare and insurance markets — which store their customers’ HIPAA Protected Health Information — are Business Associates under the HIPAA rules.  These policy templates are designed specifically for cloud computing vendors – which includes companies operating electronic health records, revenue cycle, claim processing, online backup, or any other cloud-based service which maintains customer PHI (protected health information). Version 2.2 was released in January 2021 and was fully updated based on the latest technology trends and COVID-19 safeguards, such as a strong work-at-home policy.

Finally, there is an affordable solution to the need for HIPAA policies — comprehensive templates created specifically for cloud computing vendors. Cloud vendors need policies for business processes including software development, change management, help desk operations, data encryption and business associate contracting. All of these are addressed in these policies. These policies specifically address the shared security model, which appropriately assigns responsibilities between the cloud host (e.g. AWS, Azure, GCP), the cloud software vendor, and the customer. These policies are built on the same rigorous standards (NIST, ISO 27001, Trust Services Criteria) that certification frameworks including HITRUST and the SOC 2 audits use — so they are excellent preparation for companies that seek those certifications.

If you think that AWS, Azure or GCP’s HIPAA compliance certifications free you from the obligation to maintain written policies and procedures — think again!

Eagle Consulting’s HIPAA policy templates for Business Associates will save you thousands of dollars in consulting fees…

  • Increase sales with the strong HIPAA compliance demanded by customers.
  • Improve your response to customer audits and increase customer retention.
  • Reduce anxiety through compliance with the HIPAA laws and your HIPAA Business Associate agreements.
  • Easily tailor policies to your business by editing using Microsoft Word.
  • Reduce the risk of a financially devastating data breach by using best practices, detailed in these policies, to secure and protect customer data.
  • Avoid potentially massive fines from HHS and/or State Attorneys General.

Satisfaction Guaranteed by Eagle Consulting Partners, a leading consultant for IT security policies for HIPAA.

For years, many cloud vendors have been non-compliant with the HIPAA Business Associate Agreements due to a lack of adequate written policies. Since September of 2013, cloud vendors are directly regulated by the HIPAA regulations. Those without comprehensive policies are at risk of fines from both the Federal Department of Health and Human Services and their state Attorney General. Random federal audits of Business Associates began in 2016 and the first HIPAA penalties were levied on a HIPAA Business Associate in 2016.  So, cloud vendors who invest in compliance will protect themselves from this risk.

Limited Time… SAVE 20% ($100) – type in this code at checkout:  Save-20

This download is a comprehensive policy and procedure manual, specifically designed for cloud vendors, in Microsoft Word format, designed to help achieve compliance with the latest HIPAA/HITECH regulations including the 2013 HIPAA Omnibus Rule.  Policies can be customized as necessary.

What fines are levied for non-compliance? HHS and state attorneys general may now impose substantial fines against Business Associates who do not comply with HIPAA/HITECH. Fines can be millions of dollars, not to mention the reputation damage that results from the negative publicity — which can lead to loss of customers, reduced sales or even business failure.

Contents Include:


1000 Definitions for HIPAA Regulations and HIPAA Policies
1010 Confidentiality and Security – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1050 Computer Usage
1060 Computing Devices and Workstations – Company-owned and BYOD
1070 Employee Work at Home
1080 Duty to Report Violations and Security Incidents
1500 Employee/Contractor Recruiting and Termination
1600 Disclosures Required by Law
POLICIES FOR TECHNICAL STAFF (an Eagle exclusive)
2000 Technical Support Procedures
2010 Software Development Procedures
2020 Source Code Management
2030 Intellectual Property
2040 Authentication, Passwords and Encryption Keys
2900 HIPAA Officer Appointment and HIPAA Documentation
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery and Emergency Mode Operation Plans
3015 Facility Security and Access Control
3020 Periodic Security Evaluation and/or Third-Party Audits
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3033 Change Management
3035 Breach Reporting
3040 HIPAA Policy and Security Awareness Program
3050 Device and Media Disposal and Re-Use
3060 Technical Safeguards
3062 Technical Controls for Mobile Devices
3070 Business Associate Agreements and Vendor Management
3075 Employee System Access
3080 Employee Sanctions
3090 Security Incident Response and Reporting
3095 Supporting Patients with their HIPAA Rights
Appendix A: Identifying Business Associates
Appendix B: Sample HIPAA BAA – For Use with Subcontractors
Appendix B2: Sample HIPAA BAA – For Use with Customers
Appendix C: Facility Security and Access Plan
Appendix D: Workforce Access to PHI and Safeguards
Appendix E: Miscellaneous
Appendix F: Disaster Recovery Plan
Healthcare Cloud Vendor Disclosure Log
Employee-Owned Device Agreement
Company-Owned Device Agreement

Eagle Consulting offers custom HIPAA and GDPR policy templates

Protect your organization!

Eagle brings 2 decades of HIPAA experience with deep understanding of cloud software vendors for appropriate HIPAA compliance!
