You’ve heard that every practice is supposed to have on file its Policies and Procedures. You’ve also read that P and P’s play an important part in HIPAA compliance and that not having these documents is a potential deal-breaker when it comes to passing a HIPAA audit. You want to do the right thing and put your office’s Policies and Procedures in writing, but you don’t know where to begin.

If this sounds familiar, today’s post is for you. Here’s a partial list simply intended to give you a glimpse into the wonky world of Policies and Procedures a HIPAA-compliant healthcare practice keeps on record.

Policies and Procedures for:

HIPAA Documentation Retention

Documentation Availability

Documentation Updating

Breach Notification

HIPAA Training

PHI Uses and Disclosures

Patient Rights

Privacy Complaints

Requests for PHI

Risk Management Process

Risk Analysis

Risk Management Implementation

Information Systems Activity Review

Assignment of Security Responsibility

Workforce Clearance

Access Termination

Access Authorization

Access Establishment and Modification

Malware Protection

Log-In Monitoring

Password Management

Security Incident Procedures

Data Backup

Disaster Recovery

Business Associates

Facility Security

Information Access Control and Validation Procedures

Workstation Use

Workstation Security

Media Disposal

Media Re-Use

Hardware and Media Accountability

Data Backup and Storage

Unique User

Emergency Access

Automatic Log-Off Policy

Encryption and Decryption

Audit Controls

Data Integrity Controls

Person or Entity Authentication

Data Integrity Controls

No need to start from scratch

To move ahead with this, talk with us. Learn more here.