HIPAA Compliance Policies

Request a quote for HIPAA privacy and security policies

Customizable HIPAA policy and procedure templates that save you time.

Protect patient data with customizable HIPAA privacy and security policy templates to help your organization comply with the HIPAA Privacy, Security, and Breach Notification Rules.


You get a process, crafted from over 20 years of auditing experience, that simplifies and streamlines your work. SecurityMetrics participates in the PCI Council's GEAR meetings and holds credentials such as QSA, QPA, PFI, ASV, CISSP, CISA, CCSFP, SSF, SSL. You're in good hands.

What's included:

HIPAA privacy policies and procedures

Patient Rights

  • Accounting of Disclosures of Protected Health Information
  • Amendment of Protected Health Information
  • Complaints
  • Notice of Privacy Practices
  • Patient Access to Protected Health Information
  • Request for Alternative Communication
  • Restrictions to Permitted Uses and Disclosures of Protected Health Information

Uses and Disclosures of Protected Health Information

  • Authorization for Release of Protected Health Information
  • Disclosure of Alcohol and Substance/Drug Abuse Records
  • Marketing and Fundraising
  • Minimum Necessary for Uses and Disclosures of Protected Health Information
  • Responding to Subpoena and Court Order
  • Use and Disclosure of Limited Data Sets
  • Uses and Disclosures of Protected Health Information for Research
  • Uses and Disclosures of Protected Health Information for the Directory
  • Uses and Disclosures of Protected Health Information Permitted and Required by Law without Authorization

General Rules

  • Business Associate and Business Associate Agreement
  • Emailing Protected Health Information
  • Faxing Protected Health Information
  • Personal Representatives
  • Safeguarding and Storing Protected Health Information
  • Verification of Identity and Authority of Persons Requesting Protected Health Information

Administrative

  • Breach of Protected Health Information and Breach Notification
  • De-Identification of Protected Health Information
  • Designated Record Set
  • Privacy Official Designation
  • Sanctions

Documentation

  • Destruction of Protected Health Information
  • Retention of Protected Health Information

HIPAA security policies and procedures

  • HIPAA Information Security Policy
  • Business Associate Compliance Monitoring
  • Business Continuity Plan
  • Business Impact Analysis
  • Data Integrity Procedures
  • Employee Handbook
  • Firewall Configuration Standards
  • Incident Response
  • Job Descriptions
  • Network Time Protocol (NTP) Configuration Procedures
  • Operating Procedures
  • Physical Security Procedures
  • Risk Treatment Proposal
  • Security Awareness Training Procedure
  • Vulnerability Discovery and Risk Ranking
  • Workstation Functions

Testimonial

"Templates were pre-made, which made it easy for me to write the policies."

- Liz Ford, Practice Manager, Vein Center of New Mexico