Eagle offers a variety of services to assist with HIPAA Policy and Procedures development. The HIPAA regulations require policies and procedures that are appropriate to the business and workflow of the organization, which necessitates vastly different policies depending on the type of organization.
First, Eagle can support rapid procedure creation by utilizing its library of comprehensive HIPAA Privacy and Security Policies specifically tailored for different types of entities. These entities include:
- Physician Practices
- Ohio County Boards of Developmental Disability
- Cloud computing vendors (Business Associates)
- Group Health Plans of self-insured employers
- Public Health Departments
Many of these policies are available for immediate purchase via the Online Store, which provides a very economical solution for organizations on a tight budget. These policies are provided in Microsoft Word format and customization instructions are included.
Both small and large organizations can also benefit from Eagle’s policy customization services. For these engagements, Eagle will usually use one of the policy templates detailed above as an initial draft. Working closely with a project manager for the customer, a second draft is created that both tailors the policies to the organization and integrates these policies with the organization’s exiting policy and procedure manual. If desired, Eagle will facilitate a meeting with management of the organization to obtain another round of adjustments in order to create a final draft for use by the organization.
Over the last decade, Eagle has worked with a wide variety of HIPAA covered entities which include all of the types identified above. In addition, we have worked with behavioral health organizations, home health agencies, physical therapy providers and group homes for the developmentally disabled.
Customized policy and procedure development is often necessary for HIPAA Business Associates. Eagle has worked with numerous HIPAA Business Associates over the last decade including medical billing services, consulting firms, medical software authors and resellers, and cloud technology service providers. However, there are many organizations that do not fit one of these common types. In these situations, Eagle is particularly well qualified to prepare this analysis because its consultants have broad business experience, deep understanding of the HIPAA regulations, and information technology expertise. We use the following process:
- Understand the business – staff, structure, locations, products/services, systems and culture
- Identify data and applications that process PHI
- Understand business processes that use PHI
- Evaluate existing controls and other safeguards
- Create policies and procedures, first draft, integrating them into existing organizational policies
- Solicit review from management
- Revise policies and procedures and submit final deliverables
Often, after creating policies and procedures, Eagle is asked to provide implementation support which is another service that is offered.