HIPAA Privacy & Security Policy Templates for Medical Practices

Eagle’s product helps you increase security, gain compliance, and avoid fines.

• Avoid fines — HIPAA random audits are ongoing
• Help the practice comply with Stage 2 Meaningful Use requirement for privacy and security
• Protect practice from data loss
• Protect patient confidentiality
• Increase patient satisfaction through privacy right protection

Designed specifically for small medical practices (10 physicians or less), Eagle’s comprehensive policy and procedure templates speed the process of HIPAA Privacy and Security Compliance.  For compliance with Meaningful Use requirements, practices must attest to the Privacy and Security Objective (Objective #1 for MU Stage 2) which includes both completing a security risk analysis and correcting any deficiencies identified.  A lack of appropriate policies is a deficiency — these templates can help correct that deficiency.

These policies have been fully updated for compliance with the ‘Omnibus Rule’ published on January 25, 2013 and include changes mandated  by the HITECH Act.  For practices that are implementing HIPAA Security for the first time, a Security Implementation Checklist is also included with step-by-step instructions on how to implement these policies in your practice.  Finally, a simple checklist is included for the Privacy/Security officer which summarizes the ongoing duties so that you will remain compliant.

The policy templates are approximately 80 pages and delivered in Microsoft Word format. Perpetual license is granted to the user to use and modify the policies for a single medical practice. Policies may be used in hardcopy format, or electronically via your practice’s server. When used online, all staff have immediate access. On-line citations and references are included with full hyperlink functionality to allow quick access to the relevant HIPAA regulation and/or various reference materials.

Download Today to Start Updating Your Policies & Procedures for Compliance

The following policies are included:

Confidentiality & Privacy Policies for All Staff

1000 Confidentiality, Privacy and Computer Security Definitions
1010 HIPAA – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1040 Speaking with the Family and Friends of an Patient Receiving Services
1050 Authorizations
1060 Verification
1070 Minors, Personal Representatives and Deceased Patients
1080 Duty to Report Violations and Security Incidents
1090 Disclosures that do Not Require an Authorization
1095 Patient Portal
1100 Fundraising

Patient Rights

1200 Patient’s Right to Access Records
1210 Patient’s Right to Request Amendment of Records
1220 Patient’s Right to Receive an Accounting of Disclosures
1230 Patient’s Right to Request Additional Restrictions
1240 Patient’s Right to Request Confidential Communications

Confidentiality Policies for Supervisors

1300 Mitigation
1310 Notice of Privacy Practices
1320 Non-intimidation and Non-retaliation
1330 Privacy Complaints

Shared Privacy/Security Policies

1340 Policy Updating and Staff Training
1350 Sanctions for Staff Violations of Privacy/Security Policies
1360 Business Associate Contracts
1370 HIPAA Assignments and Documentation

Follow instructions to protect HIPAA related data. Eagle guarantees your satisfaction!

HIPAA Security Policies for Practice Owner/Practice Administrator & the Security Officer

2000 HIPAA Security Officer and Security Management Process
2010 Data Backup Policy
2020 Disaster Recovery Plan and Emergency Mode Operation
2030 Facility Security and Access Control
2040 Annual Security Evaluation
2050 Audit Control and Activity Review Policy
2060 Malicious Software Protection Policy
2070 Security Awareness Program
2080 Device and Media Disposal and Re-Use
2090 Technical Safeguards
2100 Breach Reporting

Security Policies for Office Manager & Supervisors

3010 Employee System Access and Termination Procedures

HIPAA Administrative Requirements & Security Policies for All Staff

3080 Computer Usage
3082 Use of Social Media
3085 Portable Computing Devices and Home Computer Use
3090 Security Incident Response and Reporting

Appendices

Appendix A – Identifying Business Associates
Appendix B – Sample HIPAA Business Associate Agreement
Appendix C – Sample Privacy & Security Officer Duties
Appendix D – Facility Security and Safeguards for Oral and Written PHI
Appendix E – Workforce Access to PHI and Safeguards
Appendix F – Minimum Necessary – Procedures for Routine Disclosures and Requests
Appendix G – Miscellaneous
Authorization Form
Notice of Privacy Practices
Disclosure Log
Privacy Instructions
Confidentiality Agreement for Cleaning Agency
Acknowledgement of HIPAA Policies and Procedures