HIPAA Compliance Forms, Policies, Template, Software

Supremus Group has different HIPAA compliance forms and templates (download only) to help you get HIPAA compliant with privacy and security rule requirements and jumps to start your compliance projects. Below you will find all the HIPAA compliance tools which will help your organization with your HIPAA compliance project requirements and save you a lot of time for your team and thousands of dollars. All templates are in MS Word format, and guides and samples for reference are in PDF format. The full suite is emailed to you after the purchase.

‏‏‎TEMPLATES FOR HIPAA SECURITY RISK ANALYSIS $495

Risk Analysis is often regarded as the first step towards HIPAA compliance. Risk analysis is a required implementation specification under the Security Management Process standard of the Administrative Safeguards portion of the HIPAA Security Rule as per Section 164.308(a)(1). Covered entities will benefit from an effective Risk Analysis and Risk Management program beyond just being HIPAA compliant. Compliance with HIPAA is not optional… it is mandatory, to avoid penalties.

The objective of HIPAA Security Risk Analysis/Assessment:
The overall objective of a HIPAA risk analysis is to document the Potential risks and vulnerabilities to the confidentiality, integrity, or availability of electronically protected health information (ePHI) and determine the appropriate safeguards to bring the level of risk to an acceptable and manageable level. It helps in ensuring that controls and expenditure are fully commensurate with the risks to which the organization is exposed

List of documents in HIPAA Security Risk Analysis Template revised for HITECH Omnibus Rule

• Asset Inventory Worksheet
• Detailed HIPAA Security Risk Analysis Executive Report
• Risk Analysis Checklist
• Risk Analysis Template
• Risk Assessment Executive Presentation
• HIPAA Security Risk Assessment Scorecard
  • Overview spreadsheet
  • Administrative safeguard spreadsheet
  • Technical safeguard spreadsheet
  • Physical safeguard spreadsheet
  • Organizational safeguard spreadsheet
• Sample Privacy & Security Risk Analysis Executive Report 2013-Short Version
• Threat Matrix Worksheet

Buy HIPAA Risk Analysis Template Suite Now: $495

TEMPLATES SUITE FOR HIPAA SECURITY POLICIES $495

The final HIPAA Security rule published on February 20, 2003, requires that healthcare organizations create policies and procedures to apply the security requirements of the law – and then train their employees on the use of these policies and procedures in their day-to-day jobs.

HIPAA rule has very specific requirements with regard to creating, implementing, or changing Policies and Procedures. “Standard: Policies and Procedures — A covered entity must implement policies and procedures with respect to protected health information that is designed to comply with the standards, implementation specifications, or other requirements of this subpart. The policies and procedures must be reasonably designed, taking into account the size of and the type of activities that relate to protected health information undertaken by the covered entity, to ensure such compliance. This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirements of this subpart.”

We have developed 71 HIPAA security policies which include 60 security policies & procedures required by HIPAA Security regulation and additional 11 policies, checklists, and forms as supplemental documents to the required policies. These policies meet the challenges of creating enterprise-wide security policies. The suite addresses all major components of the HIPAA Security Rule and each policy can be adopted or customized based on your organization’s needs.

I. Policies on the Standards for Administrative Safeguards

• Breach Notification Policy
• Security Management Process
• Risk Analysis
• Risk Management
• Sanction Policy
• Information System Activity Review
• Assigned Security Responsibility
• Workforce Security
• Authorization and/or Supervision
• Workforce Clearance Procedure
• Termination Procedures
• Information Access Management
• Access Authorization
• Access Establishment and Modification
• Security Awareness & Training
• Security Reminders
• Protection from Malicious Software
• Log-in Monitoring
• Password Management
• Security Incident Procedures
• Response and Reporting
• Contingency Plan
• Data Backup Plan
• Disaster Recovery Plan
• Emergency Mode Operation Plan
• Testing and Revision Procedure
• Applications and Data Criticality Analysis
• Evaluation
• Business Associate Contracts and Other Arrangements
• Business Associate Agreement
• Execution of Business Associate Agreements with Contracts

II. Policies on the Standards for Physical Safeguards

• Facility Access Controls
• Contingency Operations
• Facility Security Plan
• Access Control and Validation Procedures
• Maintenance Records
• Workstation Use
• Workstation Security
• Device and Media Controls
• Disposal
• Media Re-use
• Mobile Device Policy
• Accountability
• Data Backup and Storage

III. Policies on the Standards for Technical Safeguards

• Access Control
• Unique User Identification
• Emergency Access Procedure
• Automatic Logoff
• Encryption and Decryption
• Audit Controls
• Integrity
• The mechanism to Authenticate Electronic Protected Health Information
• Person or Entity Authentication
• Transmission Security
• Integrity Controls
• Encryption

IV. Organizational Requirements

• Policies and Procedures
• Documentation
• Isolating Healthcare Clearinghouse Function
• Group Health Plan Requirements

V. Supplemental Policies for Required HIPAA Policies

• Wireless Security Policy
• Email Security Policy
• Analog Line Policy
• Dial-in Access Policy
• Automatically Forwarded Email Policy
• Remote Access Policy
• Ethics Policy
• VPN Security Policy
• Extranet Policy
• Internet DMZ Equipment Policy
• Network Security Policy

Buy HIPAA Security Policies Template Suite Now: $495

TEMPLATES SUITE FOR HIPAA PRIVACY POLICIES $300

A covered entity is required to develop and implement policies and procedures appropriate to the entity’s business practices and workforce that reasonably minimize the amount of protected health information used, disclosed, and requested;” – HIPAA Privacy Rule 45 CFR Part 160

Following are the 57 policies, forms, and procedures included in the HIPAA Privacy Policy & procedures template suite. The policies can be used by any covered entity. All policies are available in MS Word format and can be easily modified as per your requirements. Each template is presented in a standard format reflecting critical organizational functions to consider in HIPAA remediation.

These HIPAA policies cover all the major areas like:

1) General policies regarding use and disclosure of PHI
2) Minimum necessary rule for use and disclosure of PHI
3) Patient rights regarding their own PHI
4) Uses and disclosures not requiring patient authorization
5) Special cases for restriction of uses and disclosures of PHI
6) Organizational issues and safeguards

The templates suite includes following HIPAA Privacy policies and procedures.

• Accept Access Request
• Accounting for Disclosures
• Acknowledgment of Receipt
• Amendment to Record Form
• Authorization for Release of Protected Health Information
• Authorization To Use Disclose Protected Health Information
• Business Associate Agreement
• Business Associate Contracts and Other Arrangements
• Complaint Process
• Data Use Agreement Template
• De-identified Information and Limited Data Sets
• Denial Access Request
• Denial Request to Amend Form
• Disclosure Accounting Log for Medical Information
• Disclosure of PHI with and without authorization Template
• Disclosures Record Form
• Document Retention Requirements
• EHR accounting of disclosures
• Employee Confidentiality Agreement
• Execution of Business Associate Agreements with Contracts
• Health Plan Notice of Privacy Practices
• HIPAA Accept Amend Request Form
• Identifying PHI and Designated Record Sets
• Minimum Necessary
• Multi-Organization Arrangements
• Notice of Privacy Practices
• Patient Right to Access PHI
• PHI Release by Whistleblowers
• Privacy Officer
• Receipt of Payment when Disclosing PHI
• Release for Abuse Neglect or Domestic Violence
• Release for Confidential Communications
• Release for Fundraising Purposes
• Release for Health Oversight
• Release for Judicial or Administrative Proceedings
• Release for Law Enforcement
• Release for Marketing Purposes
• Release for Public Health
• Release for Research Purposes
• Release for Specific Government Functions
• Release for Workers Compensation
• Release of Information for Deceased Patients or Plan Members
• Release of Information for Legal Representatives
• Release of Information to a Minor
• Release of Information to a Minor’s Parents
• Release of Information to Friends and Family Members
• Release of Psychotherapy Notes
• Release to Avert Serious Threat to Safety
• Request Confidential Communications Template
• Request Restriction
• Request to Amend Patient or Plan Member Record
• Requests for Restriction policy
• Required PHI Disclosures
• Right to Object to Release for Certain Purposes
• Safeguarding PHI
• Training Requirements
• Workforce Sanctions

Buy HIPAA Privacy Policies Template Suite Now: $300

TEMPLATES IN HIPAA SECURITY CONTINGENCY PLAN SUITE $1200

HIPAA Contingency Plan template suite can be used for Disaster Recovery Planning (DRP) & Business Continuity Plan (BCP) by any organization to comply with requirements of HIPAA, JCAHO, Sarbanes Oxley (SOX), FISMA, and ISO 27002. Any organization, large or small, can use this template and adapt to its environment.

• Business Impact Analysis (BIA)
• Risk Assessment
• Selecting and Implementing Recovery Strategies
• Contingency Program Policy & Standards
• Data Backup and Storage Plan
• Disaster Recovery Plan (DRP)
• Business Continuity Plan (BCP)
• Emergency Mode Operation Plan (EMOP)
• DRP & BCP Testing and Revision Plan
• Business Resumption Plan examples for depts. like Accounting, Human resources, etc
• Policies and procedures
• Department Disaster Recovery Activation
• Recovery Strategies
• Training of the Disaster Recovery Team
• Testing of the Disaster Recovery Plan
• Evaluation of the Disaster Recovery Plan Tests
• Maintenance of the Disaster Recovery Plan

Documents in HIPAA Contingency Plan Template Suite: Sub Section: Conducting a Business Impact Analysis (BIA)

• Conducting a Business Impact Analysis (Guide) (23 pages)
• Long Version Business Impact Analysis Template (21 pages)
• Short Version Business Impact Analysis Template (6 pages)
• Applications and Data Criticality Analysis Template (24 pages)
• Final Business Unit Report Template includes following sub-documents (8 pages)
• Department Financial Impact Chart Template (1 page)
• Department Operational Impact Chart Template (1 page)
• Department Legal/Regulatory Chart Template (1 page)
• Final Executive Management Report Template includes following sub-documents (23 pages)
• Combined Financial Impact Chart Template (2 pages)
• Combined Operational Impact Chart Template ( 3 pages)
• Combined Legal/Regulatory Chart Template (1 page)
• Combined People Over Time Chart Template (3 pages)

Sub Section: Conducting a HIPAA Risk Assessment

• Conducting a Risk Assessment (Guide) (15 pages)
• Risk Assessment Template (17 pages)
• Risk Assessment Worksheet (14 pages)
• Executive Risk Assessment Findings Report (15 pages)
• Preventative Measures Examples (6 pages)
• Final Facility Risk Assessment Report (10 pages)
• Executive Report Charts Template (5 Charts) (5 pages)

Sub Section: Selecting And Implementing Recovery Strategies

• Implementing Recovery Strategies includes the following sub-documents (15 pages)
• Contingency Planning Process (8 pages)

Sub Section: Sample Documents

• Example of Completed Long Version BIA (24 pages)
• Example of Completed Short Version BIA (4 pages)
• Example of Completed App & Data Criticality Analysis (39 pages)
• Example of Completed Business Unit Final Report (8 pages)
• Example of Charts to support Business Unit Final Report (3 Charts) (3 pages)
• Example of Completed Executive Management Report (40 pages)
• Example of Completed Risk Assessment (17 pages)
• Example of Completed Final Risk Assessment Report (16 pages)
• Example Completed Risk Assessment Worksheet (14 pages)

Sub Section: Contingency Program Policy & Standards

• Business Impact Analysis Policy includes the following sub-document (12 pages)
• Business Impact Analysis Standard (14 pages)
• Risk Assessment Policy includes the following sub-document (11 pages)
• Risk Assessment Standard (11 pages)
• Contingency Planning Policy includes the following sub-documents (10 pages)
• Disaster Recovery Planning Standard (69 pages)
• Emergency Mode Operation Plan Standards (14 pages)
• Business Resumption Planning Standards (20 pages)
• Testing and Revision Policy will include following sub-documents (17 pages)
• Testing & Revision Standards (14 pages)
• Data Backup Plan Policy Template will include the following sub-documents (15 pages)
• Data Backup Standard (8 pages)
• Training & Awareness Standard (7 pages)
• Instructions on how to update all standards (3 pages)

Sub Section: Appendix Documents (Help Guides / Templates)

• Types of Contingency Plans (9 pages)

Sub Section: Data Backup and Storage Plan

• Data Backup Plan (DBP) Template (18 pages)
• Data Backup Plan (DBP) development Guide (11 pages)

Sub Section: Disaster Recovery Plan

• Application Recovery Template (23 pages)
• Application Recovery Plan Development Guide (18 pages)
• Network Recovery Template (20 pages)
• Network Recovery Plan Development Guide (15 pages)
• Database Recovery Template (19 pages)
• Database Recovery Plan Development Guide (16 pages)
• Server Recovery Template (19 pages)
• Server Recovery Plan Development Guide (15 pages)
• Telecommunications Recovery Template (19 pages)
• Telecom Recovery Plan Development Guide (17 pages)
• Disaster Recovery Plan Overview (38 pages)
• Disaster Recovery Plan Development Guide (17 pages)

Sub Section: Emergency Mode Operation Plan

• Dept. Business Resumption Plan Template (16 pages)
• Emergency Operation Plan (18 pages)
• Emergency Mode Operation Planning Standards (38 pages)
• Emergency Mode Operations Plan Development Guide (11 pages) Sub Section: Testing And Revision Plan
• Testing and Revision Program including the following sub-documents (18 pages)
• Business Unit Test Plan (16 pages)
• Business Unit Test Plan Development Guide (10 pages)
• Technology Test Plan (18 pages)
• Technology Test Plan Development Guide (10 pages)
• Test Schedule (2 pages)
• Business Unit Plan Audit Checklist (6 pages)
• Application Plan Audit Checklist (7 pages)
• Database Plan Audit Checklist (6 pages)
• Disaster Recovery Audit Checklist (6 pages)
• Network Plan Audit Checklist (6 pages)
• Server Plan Audit Checklist (6 pages)
• Telecom Plan Audit Checklist (6 pages)
• Audit Notification Memo (1 page)
• Plan Audit Final Report Template (1 page)
• Test Notification Memo (1 page)
• Type of Tests (1 page) Sub Section: Sample Documents
• Example of Completed Data Backup Plan (18 pages)
• Example of Completed Disaster Recovery Plan (38 pages)
• Example of Completed Application Recovery Plan (23 pages)
• Example of Completed Emergency Mode Op Plan including following sub documents:
• Accounting EMOP (42 pages)
• BIOMED EMOP (37 pages)
• Corporate Communications EMOP (38 pages)
• Emergency Services EMOP (37 pages)
• Facilities & Security EMOP (38 pages)
• Human Resources EMOP (38 pages)
• Laboratory EMOP (38 pages)
• Materials Management EMOP (38 pages)
• Pharmacy EMOP (37 pages)
• Surgery EMOP (36 pages)
• Example Business Unit Test Plan (14 pages)
• Example Technology Unit Test Plan (16 pages)
• Example Test Schedule (2 pages)
• Example Audit Notification Memo (1 page)
• Example Business Plan Audit Checklist (6 pages)
• Example Final Audit Report (2 pages)
• Example Audit Follow-Up Memo (1 page)
• Example Test Notification Memo (2 pages)

Buy HIPAA Security Contingency Plan Template Suite Now: $1200

HIPAA AUDIT TEMPLATES SUITE $300

The HIPAA Security Rule requires organizations, at a minimum, to conduct periodic internal audits to evaluate processes and procedures intended to secure confidentially or “protected health information” (PHI) (45 CFR 164.308(a)(8)). It is often advisable to seek an external review or audit but the provisions of the security rule do not specifically require this. In most cases, this will be determined by the size of the organization, line of business, and, sometimes, contract requirements (i.e., Medicare, Medicaid, etc.). The purpose of the audit is to determine if an organization has properly documented administrative, physical, and technical security practices, policies, and procedures and generally meets the requirements of the rule.

The objective of HIPAA Audit and Evaluation for Compliance
The objective of the HIPAA Audit includes the following activities:
1. Assess if all vulnerabilities have been addressed.
2. Verify that all compliance requirements have been met.
3. The objective of the Audit Control standard is to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronically protected health information.

List of documents for HIPAA Audit Template:

• HIPAA Comprehensive Audit Checklist
• HIPAA Privacy & Security Audit Report – Sample
• HIPAA Security Abbreviated Audit Checklist final
• HIPAA Security Audit Executive Presentation
• Information Security Audit Template

Buy HIPAA Audit Templates Suite Now: $300

SMALL BUSINESS HIPAA SECURITY CONTINGENCY PLAN TEMPLATES $549

We have created a Small Business HIPAA Security Contingency Plan Template Suite that includes a Disaster Recovery Plan and Business Continuity suite for small businesses employing less than 50 employees. There is always a discussion about why does a small business need a Business Continuity plan?

The objectives of business continuity planning include minimizing interruptions to the business’s ability to provide its products and/or services, minimizing financial loss, and being able to resume critical operations within a specified time after a disaster. Business Continuity Planning (BCP) involves devising a plan that guards against business disruption in case of unforeseen events and disasters. Events include local incidents like building fires, regional incidents like floods & earthquakes, or national incidents like pandemic illnesses. A well-thought-out business continuity plan can mean the difference between your business’s survival and failure in the event of a crisis.

Business Continuity (BC) planning is a process of planning to ensure that your business remains unaffected by events that would normally lead to serious interruption or even failure. It creates a plan that management and staff can rely on as a road map to get back up and running as quickly as possible eliminating/minimizing losses in the event of an emergency.

Benefits of Creating a Business Continuity Plan:

• Meet the compliance requirement of government legislation.
• Effective business continuity management can help businesses demonstrate that they are managing their business risks and so help to secure lower insurance premiums.
• A business Continuity plan will show your investors that you take the business seriously, that you are prepared, and desire to maintain productivity regardless of difficulty.
• Having a BC plan can help get you more business. If you own a small business and hope to become a supplier or subcontractor to a Fortune 1000 company or certain government entities, you will quickly find that they require your company to have a BC plan before awarding you any contract.
• A business continuity plan can significantly reduce your losses if ever you are hit by a disaster.

Our complete template suite for Business Continuity Plan for Small Businesses includes the following templates:

Business Impact Analysis

• Enterprise Business Impact Analysis Survey – Short (15 pages)
• Example – BIA Survey Short Version (13 pages)
• Guide to Conducting a Business Impact Analysis (27 pages)

Department Recovery Plan

• Department Recovery Plan Template (28 pages)
• Guide to Documenting Department Continuity Plans (19 pages)
• Example Plans – Accounting Recovery Plan (27 pages)
• Example Plans – Corporate Communications Recovery Plan (25 pages)
• Example Plans – Human Resources Recovery Plan (26 pages)

Disaster (Technology) Recovery Plan

• Disaster Recovery Plan Template (47 pages)
• Example – Disaster Recovery Plan (42 pages)
• Guide to Documenting Disaster Recovery Plans (25 pages)

Data Backup Plan

• Data Backup Plan Template (18 pages)
• Data Backup Plan Development Guide (11 pages)
• Example Data Backup Plan (19 pages)

Policy & Standards

• Business Impact Analysis Policy & Standards (24 pages)
• Department Planning Policy & Standards (23 pages)
• Disaster Recovery (Technology) Planning Policy & Standards (35 pages)
• Guide to Updating Policies & Standards (5 pages)
• Risk Assessment Policy & Standards (19 pages)

Risk Assessment

• Example – Risk Assessment Worksheet (15 Worksheets)
• Guide to Conducting a Risk Assessment (21 pages)
• Preventative measures (6 pages)
• Risk Assessment Worksheet (15 Worksheets)

Strategy Documents

• Contingency Planning Process (16 pages)
• Selecting and Implementing Recovery Strategies (19 pages)
• Types of Contingency Plans (9 pages)
• Guidance for using Template Suite – Small Business (13 pages)
• Project Plan Tasks (6 Worksheets)

Buy Small Business HIPAA Security Contingency Plan Template Suite Now: $549

All the templates come in Microsoft Word/excel files so you can add, change and delete the content as required to complete your privacy policies. If you have any questions, or if you wish to see additional samples, please feel free to contact us at Bob@hipaatraining.net or call on (515) 865-4591. You can also buy individual HIPAA template suites, which are available in our online HIPAA store for purchase.