Eagle HIPAA Policy Templates for Information Technology Companies

Eagle’s policy template helps you increase security, gain compliance, and avoid fines.

HIPAA Policies and Procedures Designed for Information Technology Companies (Business Associates)

These policies are designed to meet the regulatory requirements of Information Technology companies who provide software or services to healthcare organizations, including physician practices, hospitals, insurance plans, other HIPAA covered entities and other Business Associates. This includes IT consultants, Managed Services companies, Value-added Resellers, software authors offering medical or insurance software, and other IT service providers. (Note that we have a separate set of policies for Cloud Computing Vendors!) Under the HIPAA regulations, Information Technology companies who serve these customers are HIPAA Business Associates and are obligated to have certain written policies and procedures. All policies have been updated for compliance with the requirements of the HITECH Act of 2009, the Breach Notification Rule, and the HIPAA Omnibus Rule published January 25, 2013.

These policies are completely different from policies designed for medical practices, hospitals or insurance companies. They are specifically built around the business and services provided by IT organizations who serve covered entities. The benefits of using these policy templates include:

  • Quickly bring your technology into compliance with HIPAA rules for business associates
  • Save $1000’s in consulting fees
  • Customize the policies in Microsoft Word based on the unique requirements of your business
  • Satisfaction is guaranteed by Eagle Consulting Partners, a leading consultant for IT security policies in healthcare information technology companies

Your comprehensive policy and procedure manual, designed for information technology companies’ compliance with the 2013 HIPAA regulations, in Microsoft Word format.

Your organization is subject to both civil and criminal penalties for non-compliance. That’s right. In fact, beginning in 2016 the first-ever random audits of HIPAA Business Associates have begun. Penalties ranging into millions of dollars can be assessed, which makes HIPAA one of the toughest sets of government regulations. The 4-tier penalty structure is as follows (see PDF):

  • Did not know and, by exercising reasonable diligence, would not have known of the violation: penalty ranges from $100 to $50,000 per violation and up to $1.5 million per identical violation per year.
  • Violation due to reasonable cause and not willful neglect: $1,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
  • Violation due to willful neglect, but the violation is corrected within 30 days after the covered entity knew or should have known of the violation: mandatory fine of $10,000 to $50,000 per violation; up to $1,500,000 per identical violation per year.
  • Violation due to willful neglect, and the violation was not corrected within 30 days after the covered entity knew or should have known of the violation: mandatory fine of not less than $50,000 per violation; up to $1,500,000 per identical violation per year.

SAVE 20% ($100) – type in this code at checkout: Save-20

Contents Include:

HIPAA POLICIES 

POLICIES FOR ALL STAFF 

1000 Definitions for HIPAA Regulations and HIPAA Policies
1010 Confidentiality and Security – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1050 Computer Usage
1060 Portable Computing Devices and Home Computer Use
1080 Duty to Report Violations and Security Incidents

POLICIES FOR ADMINISTRATIVE MANAGEMENT

1500 Employee/Contractor Recruiting and Termination
1600 Disclosures Required by Law

POLICIES FOR TECHNICAL STAFF 

2000 Technical Support Procedures
2010 Secure Network Configuration for Client Networks
2020 Cloud Backup Service
2025 Managed Services Protocols
2030 Remote Management and Monitoring Systems
2035 Data Destruction Service
2040 Authentication, Passwords and Encryption Keys

POLICIES FOR EXECUTIVE MANAGEMENT & SECURITY OFFICER

2900 Security Officer Appointment and HIPAA Documentation
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery Plan and Emergency Mode Operation
3015 Facility Security and Access Control
3020 Periodic Security Evaluation
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3035 Breach Reporting
3040 Security Awareness Program
3050 Device and Media Disposal and Re-Use
3060 Technical Safeguards
3070 Business Associate Contracts
3075 Employee System Access
3090 Security Incident Response and Reporting

Appendix A – Identifying Business Associates
Appendix B – Sample HIPAA Business Associate Agreement
Appendix D – Facility Security and Access Plan
Appendix E – Workforce Access to PHI and Safeguards
Appendix F – Miscellaneous
Appendix G – Disaster Recovery Plan 

Gary Pritts, President of Eagle Consulting Partners, Inc.

About the Author: Gary Pritts is Founder and President of Eagle Consulting Partners. His unique experience led to these popular HIPAA Policy templates. Gary understands IT managed services companies, medical software authors, and value-added resellers and has created these templates specifically for these companies. He partnered with dozens of value-added resellers in the 2001 to 2005 timeframe when the HIPAA rules were first implemented. He assisted the VARs by delivering HIPAA services to their physician practice customers. During that time, he also crafted HIPAA policies for the value-added resellers and his other software-author managed services partners. These policies deal with topics such as help desk protocols, secure configuration of remote management and monitoring systems, and secure handling of client access credentials. In addition, the policies include guidance for the technical staff so that they can better assist HIPAA-regulated clients with their HIPAA compliance. His first-hand experience as a prior general manager for a value-added reseller, as well as partnerships with VARs, software authors and managed services companies, has led to these policy templates. He studied computer science at Purdue University and holds an MBA from Harvard Business School.

Limited Time Special… Save 20% ($100) at Checkout… type in this code: Save-20