Policies and Procedures

HIPAA Help Center’s Policy module provides a space for users to approve and implement policies and procedures. Under the HIPAA Security Rule, covered entities must not only have processes in place to safeguard protected health information, but they must also regularly review the procedures and modify them as necessary. The Policy module makes this workflow easier and allows auditors to see what emendations users have made, further demonstrating compliance.

Key Policy module features

The Policy module makes maintaining implementation task.

  • Create policies: This HIPAA Help Center module enables covered entities to approve, review, assign and amend practice procedures.
  • Assign a timeline: The timeline feature provides users with an opportunity to choose whether to implement these process yearly, quarterly, monthly or weekly, allowing organizations to stay up-to-date with policies.
  • Promote accountability: The assignment feature delegates the implementation of a policy to a specific workforce member. Doing so prompts a notification to appear in the individual’s dashboard in conjunction with the timeline, therefore providing greater accountability in practices. With these features, health care providers will always remain aware of who is responsible for what tasks, creating the organization necessary to maintain HIPAA compliance.

Frequently asked questions about creating policies and procedures:

What types of policies must covered entities have in place in regard to the HIPAA Security Rule?

The U.S. Department of Health and Human Services outlines a multitude of requirements, though they mainly pertain to PHI protection. For example, covered entities must have contracts or other arrangements with business associates to ensure all parties are HIPAA compliant.

How must covered entities keep track of policies?

Under HIPAA, covered entities are required to maintain written documentation of policies and procedures, though this may be done electronically. Additionally, health care providers must make written policies and procedures available to those responsible for their implementation. HIPAA Help Center Policy module allows all health care professionals to view compliance processes.

How often must covered entities review policies and procedures?

The HHS requires covered entities to review and modify HIPAA compliance processes periodically or whenever necessary. Health care providers would do well to set up a routine, perhaps every quarter, in which they assess whether the current policies are still sufficient. Additionally, any time changes occur, such as in the event of software updates or integration of a bring-your-own-device policy, covered entities should modify the policies and procedures.

Make time for what matters most
Your Patients