Your customers are demanding robust HIPAA compliance. These policy templates are designed specifically for healthcare cloud computing vendors to comply with your customers’ security questionnaires.
Cloud Computing Vendors servicing the healthcare and insurance markets — which store their customers’ HIPAA Protected Health Information — are Business Associates under the HIPAA rules. These policy templates are designed specifically for cloud computing vendors – which includes companies operating electronic health records, revenue cycle, claim processing, online backup, or any other cloud-based service which maintains customer PHI (protected health information).
Finally, there is an affordable solution to the need for HIPAA policies — comprehensive templates created specifically for cloud computing vendors. Cloud vendors need policies for business processes including software development, change management, help desk operations, data encryption and business associate contracting. All of these are addressed in these policies.
If you outsource your hosting and think that the security of your hosting vendor frees you from the obligation to maintain written policies and procedures — think again!
Eagle Consulting’s HIPAA policy templates for Business Associates will save you thousands of dollars in consulting fees…
- Increase sales with the strong HIPAA compliance demanded by customers.
- Improve your response to customer audits and increase customer retention.
- Reduce anxiety through compliance with the HIPAA laws and your HIPAA Business Associate agreements.
- Easily tailor policies to your business by editing using Microsoft Word.
- Reduce the risk of a financially devastating data breach by using best practices, detailed in these policies, to secure and protect customer data.
- Avoid potentially massive fines from HHS and/or State Attorneys General.
Satisfaction Guaranteed by Eagle Consulting Partners, a leading consultant for IT security policies for HIPAA.
For years, many cloud vendors have been non-compliant with the HIPAA Business Associate Agreements due to a lack of adequate written policies. Since September of 2013, cloud vendors have been directly regulated by the HIPAA regulations. Those without comprehensive policies are at risk of fines from both the Federal Department of Health and Human Services and their state Attorney General. Random federal audits of Business Associates began in 2016 and the first HIPAA penalties were levied on a HIPAA Business Associate in 2016. So, cloud vendors who invest in compliance will protect themselves from this risk.
This download is a comprehensive policy and procedure manual, specifically designed for cloud vendors, in Microsoft Word format, designed to help achieve compliance with the latest HIPAA/HITECH regulations including the 2013 HIPAA Omnibus Rule. Policies can be customized as necessary.
What fines are levied for non-compliance? HHS and state attorneys general may now impose substantial fines against Business Associates who do not comply with HIPAA/HITECH. Fines can be millions of dollars, not to mention the reputation damage that results from the negative publicity — which can lead to loss of customers, reduced sales or even business failure.
HIPAA POLICIES FOR ALL STAFF
1000 Definitions for HIPAA Regulations and HIPAA Policies
1010 Confidentiality and Security – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1050 Computer Usage
1060 Portable Computing Devices and Home Computer Use
1080 Duty to Report Violations and Security Incidents
POLICIES FOR HUMAN RESOURCE DEPARTMENT
1500 Employee/Contractor Recruiting and Termination
1600 Disclosures Required by Law
POLICIES FOR TECHNICAL STAFF (an Eagle exclusive)
2000 Technical Support Procedures
2010 Software Development Procedures
2020 Source Code Management
2030 Intellectual Property
2040 Passwords and Encryption Keys
POLICIES FOR EXECUTIVE MANAGEMENT AND SECURITY OFFICER
2900 Security Officer Appointment and Duties
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery Plan and Emergency Mode Operation
3015 Facility Security and Access Control
3020 Periodic Security Evaluation
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3035 Breach Reporting
3040 Security Awareness Program
3050 Device and Media Disposal and Re-Use
3060 Technical Safeguards
3070 Business Associate Contracts
3075 Employee System Access
3080 Employee Sanctions
3090 Security Incident Response and Reporting
3095 Complying with Patient HIPAA Rights
Appendix A: Identifying Business Associates
Appendix B: Sample HIPAA Business Associate Agreement
Appendix B2: Sample HIPAA BAA – for use with Clients
Appendix C: Facility Security and Access Plan
Appendix D: Workforce Access to PHI and Safeguards
Appendix E: Miscellaneous
Appendix F: Disaster Recovery Plan
Healthcare Cloud Vendor Disclosure Log
Limited Time Special… Save 20% ($100) at Checkout… type in this code: Save-20