You’ve heard that every practice is supposed to have on file its Policies and Procedures. You’ve also read that P and P’s play an important part in HIPAA compliance and that not having these documents is a potential deal-breaker when it comes to passing a HIPAA audit. You want to do the right thing and put your office’s Policies and Procedures in writing, but you don’t know where to begin.
If this sounds familiar, today’s post is for you. Here’s a partial list simply intended to give you a glimpse into the wonky world of Policies and Procedures a HIPAA-compliant healthcare practice keeps on record.
Policies and Procedures for:
HIPAA Documentation Retention
Documentation Availability
Documentation Updating
Breach Notification
HIPAA Training
PHI Uses and Disclosures
Patient Rights
Privacy Complaints
Requests for PHI
Risk Management Process
Risk Analysis
Risk Management Implementation
Information Systems Activity Review
Assignment of Security Responsibility
Workforce Clearance
Access Termination
Access Authorization
Access Establishment and Modification
Malware Protection
Log-In Monitoring
Password Management
Security Incident Procedures
Data Backup
Disaster Recovery
Business Associates
Facility Security
Information Access Control and Validation Procedures
Workstation Use
Workstation Security
Media Disposal
Media Re-Use
Hardware and Media Accountability
Data Backup and Storage
Unique User
Emergency Access
Automatic Log-Off Policy
Encryption and Decryption
Audit Controls
Data Integrity Controls
Person or Entity Authentication
Data Integrity Controls
No need to start from scratch
To move ahead with this, talk with us. Learn more here.