HIPAA Policies and Procedures Designed for Third Party Administrators (TPAs)
Eagle’s HIPAA policies for TPAs are designed to meet the regulatory requirements of small to medium-sized third-party administrators (TPAs) who administer health benefit plans covered by HIPAA. Notably, under the HIPAA regulations, TPAs are obligated to have detailed, written policies and procedures. All policies have been updated for HIPAA compliance with the latest requirements, including the HITECH Act of 2009, the Breach Notification Rule, and the 2013 HIPAA Omnibus Rule.
HIPAA regulates self-insured group health benefit plans covering medical, dental and/or vision; health savings accounts; flexible spending accounts; and other types of plans. Consequently, TPAs who administer any of these types of plans are HIPAA Business Associates of the plan and must comply with the HIPAA regulations.
These policies address the requirements that apply to all HIPAA Business Associates. In addition, the policies provide procedures for the many situations in which the TPA acts on behalf of the health plan, so that these actions are conducted in a HIPAA-compliant manner.
Benefits of Using These Policy Templates Include:
- Policies are organized by audience to simplify training for staff
- Quickly bring your technology into compliance with HIPAA rules for TPA business associates
- Saves you thousands of dollars in consulting fees
- Ability to customize using Microsoft Word based on unique requirements of your business
- Satisfaction is guaranteed by Eagle Consulting Partners, a leading consultant for the HIPAA regulations
Avoid HIPAA Penalties
Your organization is subject to both civil and criminal penalties for non-compliance. That’s right. Penalties ranging into millions of dollars can be assessed, which makes HIPAA one of the toughest sets of government regulations. The 4-tier penalty structure is as follows: (see complete federal regulations)
- Did not know and, by exercising reasonable diligence, would not have known of the violation: Penalty ranges from $100 to $50,000 per violation; up to $1,500,000 per identical violation per year.
- Violation due to reasonable cause and not willful neglect: $1,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
- Violation due to willful neglect that was corrected within 30 days after the covered entity knew or should have known of the violation: Mandatory fine of $10,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
- Violation due to willful neglect that was not corrected within 30 days after the covered entity knew or should have known of the violation: Mandatory fine of not less than $50,000 per violation; up to $1,500,000 per identical violation per year.
SAVE 20% ($100) – type in this code at checkout: Save-20
HIPAA POLICIES FOR ALL STAFF
1000 Confidentiality, Privacy and Computer Security Definitions
1010 HIPAA – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1035 Prohibitions on use of Genetic Information and Sale of PHI
1040 Speaking with the Family and Friends of a Participant
1070 Minors, Personal Representatives and Deceased Participants
1080 Duty to Report Violations and Security Incidents
1090 Disclosures that do Not Require an Authorization
1200 Participant’s Right to Access Records
1210 Participant’s Right to Request Amendment of Records
1220 Participant’s Right to Receive an Accounting of Disclosures
1230 Participant’s Right to Request Additional Restrictions
1240 Participant’s Right to Request Confidential Communications
CONFIDENTIALITY POLICIES FOR SUPERVISORS
1340 Privacy Complaints
SHARED PRIVACY/SECURITY POLICIES
1350 Policy Updating and Staff Training
1360 Sanctions for Staff Violations of Privacy/Security Policies
1370 Business Associate Contracts
1380 HIPAA Assignments and Documentation
POLICIES FOR ADMINISTRATIVE MANAGEMENT
1500 Employee/Contractor Recruiting and Termination
HIPAA SECURITY POLICIES
POLICIES FOR COMPANY OWNER AND THE SECURITY OFFICER
2000 HIPAA Security Officer and Security Management Process
2010 Data Backup Policy
2020 Disaster Recovery Plan and Emergency Mode Operation
2030 Facility Security and Access Control
2040 Annual Security Evaluation
2050 Audit Control and Activity Review Policy
2060 Malicious Software Protection Policy
2070 Security Awareness Program
2080 Device and Media Disposal and Re-Use
2090 Technical Safeguards
2100 Breach Reporting
POLICIES FOR EXECUTIVE MANAGEMENT & SECURITY OFFICER
3010 Employee System Access and Termination Procedures
HIPAA ADMINISTRATIVE REQUIREMENTS
SECURITY POLICIES FOR ALL STAFF
3080 Computer Usage
3082 Use of Social Media
3085 Portable Computing Devices and Home Computer Use
3090 Security Incident Response and Reporting
Appendix A – Identifying Business Associates
Appendix B – Sample HIPAA BAA – For Use with Subcontractors
Appendix B2 – Sample HIPAA BAA – For Use with Customers
Appendix C – Sample Privacy & Security Officer Duties
Appendix D – Facility Security and Safeguards for Oral and Written PHI
Appendix E – Workforce Access to PHI and Safeguards
Appendix F – Minimum Necessary – Procedures for Routine Disclosures and Requests
Appendix G – Miscellaneous
Participant Privacy Instructions
Confidentiality Agreement for Cleaning Agency
Employee Acknowledgement of HIPAA Policies and Procedures
About the Author: Gary Pritts is Founder and President of Eagle Consulting Partners. The experience that led to these popular HIPAA policy templates features a special focus on IT security, with effective policies that staff can carry out efficiently. Gary understands TPAs as a result of on-site consulting with multiple agencies. His in-depth understanding of the HIPAA rules, together with his understanding of ERISA regulations, has allowed him to create these policy templates. Gary’s extensive experience as a consultant to TPAs and insurance plans, as a hospital trustee, as CSO for a cloud healthcare messaging company, and in providing services to over 1,000 organizations over the last 15 years uniquely qualifies him to create these policies. He also understands the business aspects of the agency; he holds an MBA from Harvard. All of these experiences have come together to produce a set of unique policy templates that help cover the unique processes of public health agencies, gleaned firsthand in the public health trenches.
Limited Time Special… Save 20% ($100) at Checkout… type in this code: Save-20
Purchase now: Protect your organization!
Only Eagle brings decades of healthcare experience to a strong GDPR policy that ALSO covers HIPAA regulations!