Have you reviewed your HIPAA Policy and Procedure Manual? Are all of your policies in place? If you are not sure which policies and procedures you need, below is a list that can help you make sure you have everything you need.
Are All of Your Policies in Place?
3 – Sanctions/Compliance
4 – HIPAA 164.308(a)(1)(ii)(A) – Risk Analysis
5 – HIPAA 164.308(a)(1)(ii)(B) – Risk Management
6 – HIPAA 164.308(a)(1)(ii)(C) – Sanction Policy
7 – HIPAA 164.308(a)(1)(ii)(D) – Information System Activity Review
8 – HIPAA 164.308(a)(2) – Assigned Security Responsibility
9 – HIPAA 164.308(a)(3)(ii)(A) – Authorization and/or Supervision
10 – HIPAA 164.308(a)(3)(ii)(B) – Workforce Clearance Procedure
11 – HIPAA 164.308(a)(3)(ii)(C) – Termination Procedures
12 – HIPAA 164.308(a)(4)(ii)(B) – Access Authorization
13 – HIPAA 164.308(a)(4)(ii)(C) – Access Establishment and Modification
14 – HIPAA 164.308(a)(5)(ii)(A) – Security Reminders
15 – HIPAA 164.308(a)(5)(ii)(B) – Protection from Malicious Software
16 – HIPAA 164.308(a)(5)(ii)(C) – Log-in Monitoring
17 – HIPAA 164.308(a)(5)(ii)(D) – Password Management
18 – HIPAA 164.308(a)(6)(ii) – Response and Reporting
19 – HIPAA 164.308(a)(7)(ii)(A) – Data Backup Plan
20 – HIPAA 164.308(a)(7)(ii)(B) – Disaster Recovery Plan
21 – HIPAA 164.308(a)(7)(ii)(C) – Emergency Mode Operation Plan
22 – HIPAA 164.308(a)(7)(ii)(D) – Testing and Revision Procedure
23 – HIPAA 164.308(a)(7)(ii)(E) – Applications and Data Criticality Analysis
24 – HIPAA 164.308(a)(8) – Evaluation
25 – HIPAA 164.308(b)(3) – Written Contract or Other Arrangement
26 – HIPAA 164.310(a)(2)(i) – Contingency Operations
27 – HIPAA 164.310(a)(2)(ii) – Facility Security Plan
28 – HIPAA 164.310(a)(2)(iii) – Access Control and Validation Procedures
29 – HIPAA 164.310(a)(2)(iv) – Maintenance Records
30 – HIPAA 164.310(b) – Workstation Use
31 – HIPAA 164.310(c) – Workstation Security
32 – HIPAA 164.310(d)(2)(i) – Media Disposal
33 – HIPAA 164.310(d)(2)(ii) – Media Re-use
34 – HIPAA 164.310(d)(2)(iii) – Media Accountability
35 – HIPAA 164.310(d)(2)(iv) – Data Backup and Storage (during transfer)
36 – HIPAA 164.312(a)(2)(i) – Unique User Identification
37 – HIPAA 164.312(a)(2)(ii) – Emergency Access Procedure
38 – HIPAA 164.312(a)(2)(iii) – Automatic Logoff
39 – HIPAA 164.312(a)(2)(iv) – Encryption and Decryption (data at rest)
40 – HIPAA 164.312(b) – Audit Controls
41 – HIPAA 164.312(c)(1) – Protection Policies/Procedures Against Improper Data Alteration or Destruction
42 – HIPAA 164.312(c)(2) – Protection Mechanism Against Improper Data Alteration or Destruction
43 – HIPAA 164.312(d) – Person or Entity Authentication
44 – HIPAA 164.312(e)(2)(i) – Protection of Data During Transmission
45 – HIPAA 164.312(e)(2)(ii) – Integrity Controls & Encryption
46 – HIPAA 164.314(a)(1) – Business Associate Contracts
47 – HIPAA 164.316(a) – Policies and Procedures
48 – HIPAA 164.316(b)(1) – Documentation
49 – HIPAA 164.316(b)(2)(i) – Time Limit
50 – HIPAA 164.316(b)(2)(ii) – Availability
51 – HIPAA 164.316(b)(2)(iii) – Updates
If you are in need of any of these policies, please contact Tier3MD to assist you in putting your manual together.