What are HIPAA Templates?
HIPAA templates provide guidance for covered entities and business associates on how to implement HIPAA requirements. Below we discuss the most common HIPAA templates that healthcare organizations look for.
HIPAA Templates: Risk Assessment
A HIPAA risk assessment template enables healthcare organizations to assess the safeguards that they have in place to secure protected health information (PHI). HIPAA requires organizations to have safeguards that maintain the confidentiality, integrity, and availability of PHI.
HIPAA safeguards include administrative, technical, and physical safeguards.
◈ Administrative. The administrative assessment takes a look at the processes that your business has in place to ensure the security of PHI. Think about:
◆ What kind of security policies does your business have in place?
◆ Are your employees trained on HIPAA security requirements?
◈ Technical. The technical assessment audits the safeguards your business has in place to keep the electronic transmission and storage of, access to, or engagement with PHI secure. Think about:
◆ What kind of firewall do you have in place?
◈ Physical. The physical assessment is an audit of your business's physical premises to ensure that proper security safeguards are in place. Think about:
◆ Are your health records kept in locked cabinets?
◆ Do you have an alarm system for the physical premises?
HIPAA Templates: Policies and Procedures
Policies and procedures ensure that an organization adheres to the HIPAA Privacy, Security, and Breach Notification Rules. Policy and procedure templates create a framework for the proper uses and disclosures of PHI, the safeguards needed to secure PHI, and the proper means for reporting a breach.
For an organization to be HIPAA compliant, it must have written policies and procedures that are reviewed and updated annually to account for any changes in business practices.
HIPAA Templates: Business Associate Agreements
Business associate agreements (BAAs) are required to be signed with business associates that create, receive, transmit, store, or maintain PHI on behalf of their clients. BAAs are legal documents that dictate the safeguards business associates are required to have in place. A BAA also requires each signing party to be HIPAA compliant and to maintain that compliance. Lastly, BAAs determine which party is responsible for reporting a breach should one occur.