HIPAA Security Policy Templates

Why Create Security Policy and Procedures?
The final HIPAA Security rule published on February 20, 2003 requires that healthcare organizations create policies and procedures to apply the security requirements of the law and then train their employees on the use of these policies and procedures in their day-to-day jobs.
HIPAA rule has very specific requirements with regard to creating, implementing, or changing Policies and Procedures. Standard: Policies and Procedures -- A covered entity must implement policies and procedures with respect to protected health information that are designed to comply with the standards, implementation specifications, or other requirements of this subpart. The policies and procedures must be reasonably designed, taking into account the size of and the type of activities that relate to protected health information undertaken by the covered entity, to ensure such compliance. This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirement of this subpart.
Likewise, any changes to your Policies and Procedures must be made in accordance with HIPAA regulations, and must reflect future changes in HIPAA (and other applicable) law: Standard: Changes to Policies or Procedures -- A covered entity must change its policies and procedures as necessary and appropriate to comply with changes in the law, including the standards, requirements, and implementation specifications of this subpart.
Developing or revising your organization s security policies and procedures is a major task that takes time and attention to detail. Each policy must specifically reflect the Security regulations complex requirements, yet be worded simply enough to be understood and applied across the entire organization. Each security policy must set the foundation for the individual departmental procedures needed to support and implement the policy.

Our Security Policies and Procedures Templates/forms

We have developed 67 security policies which include 56 security policies & procedures required by HIPAA Security regulation and additional 11 policies, checklist and forms as supplemental documents to the required policies. These policies meet the challenges of creating enterprise-wide security policies. The suite addresses all major components of the HIPAA Security Rule and each policy can be adopted or customized based on your organization s needs.
Break Up of Policies and Procedures
Administrative Safeguards = 28 Policies & Procedures
Physical Safeguards = 12 Policies & Procedures
Technical Safeguards 1= 2 Policies & Procedures
Organizational Requirements = 04 Policies & Procedures
Supplemental Polices to required policy = 11 Policies & Procedures
Developed by certified security specialists with healthcare experience, the policies are mapped to HIPAA requirements, based on security industry best practices and standards, and fine-tuned to the healthcare environments. The templates are intended to serve as the cornerstone of your security program.
The policies support the Security Rule's provisions for "scalability," meaning that they can be adjusted to the size and scope of the covered entity. Our HIPAA Security policies and procedures templates will save you at least 400 work hours and are everything you need for rapid development and implementation of policies. Our templates are created based on HIPAA requirements, NIST standards, ISO 17799 and security best practices. The key objectives in formulating the policies were to ensure that they are congruent with the HIPAA Security regulations, integrate industry-established best practices for security, and are tailored to the healthcare provider environment.

Who should use our HIPAA Template Suite?

Our HIPAA policies and procedures templates are ideally suited for following categories of organizations: Hospital, Long Term Care organizations, Health Plans, Insurance Companies, Third Party Administrators, Clearing Houses, Physicians, County Government and State Agencies.
We would encourage Business Associates to also use our HIPAA Security Policy and templates as a better business practice. using these policies helps in showing client your commitment of exceeding the HIPAA requirements and gaining the confidence of client and their business.
Purchasing the templates for these policies can save your organization thousands of dollars by avoiding customized development fees plus you gain the assurance that the policies were developed by the recognized leader in HIPAA compliance.
Easy to Customize Templates
Our templates fully meet the requirements of the HIPAA Rules and guidelines. However, they are only a starting point for creating finished Policies and Procedures specific to your organization. As with any model documents or forms, you will need to open each document and customize it to meet your unique needs. The Supremus Group cannot and does not assume any legal liability for the final Policies and Procedures you create from the model documents.
All the templates are available in MS Word document. You can modify the template as needed for your organization, including placing the name of your organization in the template and modifying it in any way that you feel is required to customize it for your situation. These templates will be sent in a CD. On your request, we can e-mail them to you in zip format.