subject: Hipaa Security Policy [print this page] The Health Insurance Portability and Accountability Act, or HIPAA, was passed and finalized in 1996. The Act sets national standards for the protection of individual medical information. The act was passed by Congress as a response to the growing concern of easy accessibility to patient information.
HIPAA rule has very specific requirements with regard to creating, implementing, or changing Policies and Procedures.
Standard: Policies and Procedures -- A covered entity must implement policies and procedures with respect to protected health information that are designed to comply with the standards, implementation specifications, or other requirements of this subpart. The policies and procedures must be reasonably designed, taking into account the size of and the type of activities that relate to protected health information undertaken by the covered entity, to ensure such compliance. This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirement of this subpart.
The HIPAA Security Rule is a key part of HIPAA--federal legislation that was passed into law in August 1996. This rule deals with electronic Protected Health Information (ePHI), which is created, received, used, or maintained by a covered entity. The Security Rule requires implementation of three types of safeguards: 1) administrative, 2) physical, and 3) technical. Various security standards are identified by the rule for each of these types, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible. Individual covered entities can evaluate their own situation and determine the best way to implement addressable specifications.
Developing or revising your organizations security policies and procedures is a major task that takes time and attention to detail. Each policy must specifically reflect the Security regulations complex requirements, yet be worded simply enough to be understood and applied across the entire organization. Each security policy must set the foundation for the individual departmental procedures needed to support and implement the policy.
We offer various templates to help companies comply with the requirement of policies and procedures of Security Rule. Our HIPAA Security policy and procedures templates are ideally suited for following categories of organizations: Hospital, Long Term Care organizations, Health Plans, Insurance Companies, Third Party Administrators, Clearing Houses, Physicians, County Government, State Agencies, Business associates and other payor & providers.
Based on HIPAA requirements, updates from HITECH act, NIST standards, ISO 17799 and security best practices, our templates will save your hundreds of work hours.
