Creating A HIPAA Policy and Procedure Manual
A HIPAA Policy and Procedure Manual is a vital part of your HIPAA compliancy. It may even be the most important part. If you have not had a HIPAA policy and procedure manual put together, you should probably do so as soon as possible. Tier3MD can help you with this.
The final HIPAA Security rule published in 2003 requires that all healthcare organizations create HIPAA Security Policy and Procedure Manual to apply the security requirements of the law, and then train their employees on the use of these policies and procedures in their day-to-day jobs. for example, if you have a workstation policy, where a user is required to log off their computer when stepping away, you most likely would need to inform them of this policy. A carefully constructed set of Policies and Procedures is one of the main requirements for compliance with HIPAA. Policies and Procedures are intended to make the various requirements of HIPAA law understandable to the members of your workforce. Because most of your employees will never actually read the full HIPAA register, the Policies and Procedures deliver the information in a form that employees, volunteers, contractors, etc. can understand.
The American Recovery and Reinvestment Act of 2009 (ARRA)’s HITECH act, and Omnibus rule of 2013 requires business associates & sub business associates to comply with security rule. Developing or revising your organization’s security policies and procedures is a major task that takes time and attention to detail. Each policy must specifically reflect the Security regulations’ complex requirements, yet be worded simply enough to be understood and applied across the entire organization. There is no requirement on how long or short each policy should be, or the format. Each policy must set the foundation for the individual departmental procedures needed to support and implement the policy.
Basically, HIPAA has released sets of certain subjects or objectives that each Policy and Procedure must meet. These policies and procedures meet the NIST standards, and can be as simple as “you have a sanction policy”, to documenting a very well thought out password policy.
Tier3MD can help you with all of your HIPAA policy and procedures and provide you information on the breach notification rule. Our database has over 50 current policies that address all of the HIPAA requirements. For pricing, contact the Tier3MD HIPAA compliance department.