HIPAA Compliance Template for 3rd Party Administrators

Eagle’s policy template helps you increase security, gain compliance, and avoid fines.

HIPAA Policies and Procedures Designed for Third Party Administrators (TPAs)

Eagle’s HIPAA policies for TPAs are designed to meet the regulatory requirements of small to medium-sized third-party administrators (TPAs) who administer health benefit plans covered by HIPAA.  Notably, under the HIPAA regulations, TPAs are obligated to have detailed, written policies and procedures.  All policies have been updated for HIPAA compliance with the latest requirements, including the HITECH Act of 2009, the Breach Notification Rule, and the 2013 HIPAA Omnibus Rule.

HIPAA regulates self-insured group health benefit plans covering medical, dental and/or vision;  health savings accounts; flexible spending accounts;  and other types of plans.  Consequently, TPAs who administer any of these types of plans are HIPAA Business Associates of the plan and must comply with the HIPAA regulations.

These policies address the requirements that apply to all HIPAA Business Associates.  In addition, the policies provide procedures for the many situations in which the TPA acts on behalf of the health plan, so that these actions are conducted in a HIPAA-compliant manner.

Benefits of Using These Policy Templates Include:

  • Policies are organized by audience to simplify training for staff
  • Quickly bring your technology into compliance with HIPAA rules for TPA business associates
  • Saves you $1,000s in consulting fees
  • Ability to customize using Microsoft Word based on unique requirements of your business
  • Satisfaction is guaranteed by Eagle Consulting Partners, a leading consultant for the HIPAA regulations

HIPAA Policy Template for Third Party Administrators

Your comprehensive policy and procedure manual, designed for third party administrators’ compliance with the 2013 HIPAA regulations, in Microsoft Word format.

Avoid HIPAA Penalties

Your organization is subject to both civil and criminal penalties for non-compliance.  That’s right.  Penalties ranging into millions of dollars can be assessed, which makes HIPAA one of the toughest sets of government regulations.  The 4-tier penalty structure is as follows: (see complete federal regulations)

  • Did not know and, by exercising reasonable diligence, would not have known of the violation: Penalty ranges from $100 to $50,000 per violation and up to $1.5 million per identical violation per year.
  • Violation due to reasonable cause and not willful neglect: $1,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
  • Violation due to willful neglect that was corrected within 30 days after the covered entity knew or should have known of the violation: Mandatory fine of $10,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
  • Violation due to willful neglect that was not corrected within 30 days after the covered entity knew or should have known of the violation: Mandatory fine of not less than $50,000 per violation; up to $1,500,000 per identical violation per year.

SAVE 20% ($100) – type in this code at checkout:  Save-20

Contents Include:

1000 Confidentiality, Privacy and Computer Security Definitions
1010 HIPAA – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1035 Prohibitions on use of Genetic Information and Sale of PHI
1040 Speaking with the Family and Friends of a Participant
1050 Authorizations
1060 Verification
1070 Minors, Personal Representatives and Deceased Participants
1080 Duty to Report Violations and Security Incidents
1090 Disclosures that do Not Require an Authorization

1200 Participant’s Right to Access Records
1210 Participant’s Right to Request Amendment of Records
1220 Participant’s Right to Receive an Accounting of Disclosures
1230 Participant’s Right to Request Additional Restrictions
1240 Participant’s Right to Request Confidential Communications

1300 Mitigation
1340 Privacy Complaints

1350 Policy Updating and Staff Training
1360 Sanctions for Staff Violations of Privacy/Security Policies
1370 Business Associate Contracts
1380 HIPAA Assignments and Documentation
1500 Employee/Contractor Recruiting and Termination

2000 HIPAA Security Officer and Security Management Process
2010 Data Backup Policy
2020 Disaster Recovery Plan and Emergency Mode Operation
2030 Facility Security and Access Control
2040 Annual Security Evaluation
2050 Audit Control and Activity Review Policy
2060 Malicious Software Protection Policy
2070 Security Awareness Program
2080 Device and Media Disposal and Re-Use
2090 Technical Safeguards
2100 Breach Reporting
3010 Employee System Access and Termination Procedures

3080 Computer Usage
3082 Use of Social Media
3085 Portable Computing Devices and Home Computer Use
3090 Security Incident Response and Reporting

Appendix A – Identifying Business Associates
Appendix B – Sample HIPAA BAA – For Use with Subcontractors
Appendix B2 – Sample HIPAA BAA – For Use with Customers
Appendix C – Sample Privacy & Security Officer Duties
Appendix D – Facility Security and Safeguards for Oral and Written PHI
Appendix E – Workforce Access to PHI and Safeguards
Appendix F – Minimum Necessary – Procedures for Routine Disclosures and Requests
Appendix G – Miscellaneous
Authorization Form
Disclosure Log
Participant Privacy Instructions
Confidentiality Agreement for Cleaning Agency
Employee Acknowledgement of HIPAA Policies and Procedures

Gary Pritts, President of Eagle Consulting Partners, Inc.

About the Author:  Gary Pritts is Founder and President of Eagle Consulting Partners. The experience that led to these popular HIPAA Policy templates features a special focus on IT Security, with effective policies that staff can carry out efficiently.  Gary understands TPAs as a result of on-site consulting with multiple agencies.  His in-depth understanding of the HIPAA rules and of the ERISA regulations has allowed him to create these policy templates.  Gary’s extensive experience as a consultant to TPAs and insurance plans, as a hospital trustee, as CSO for a cloud healthcare messaging company, and in providing services to over 1,000 organizations over the last 15 years uniquely qualifies him to create these policies.  He also understands the business aspects of the agency — he holds an MBA from Harvard. All of these experiences have come together to produce a set of unique policy templates that help cover the unique processes of public health agencies, gleaned first hand in the public health trenches.

Limited Time Special… Save 20% ($100)  at Checkout… type in this code:  Save-20

Eagle Consulting offers custom HIPAA and GDPR policy templates

Only Eagle brings decades of healthcare experience to a strong GDPR policy that ALSO covers HIPAA regulations!

About Gary Pritts

Gary consults in the areas of physician practice management, medical information systems, HIPAA compliance, health and productivity management, and general business management.  Gary serves on the board of Lakewood Hospital, one of the Cleveland Clinic Regional Hospitals, is a founder and past president of eHealth Ohio, and is active with numerous professional organizations.  He served as product development manager for the EDI clearinghouse division of Quadax, a regional clearinghouse, and understands provider organizations from his 6 years as President and owner of Premier Rehab, a Medicare Certified Rehab agency with two Cleveland locations.  His computer background includes 15 years in various computer and computer service organizations.  He has a B.S. in Computer Science from Purdue University and an M.B.A. from Harvard Business School.