Policies and Procedures and Documentation Requirements (164.316)

Covered entities must implement reasonable and appropriate policies and procedures to comply with the standards and implementation specifications of the HIPAA Security Rule. The covered entity, such as a hospital or any provider, may change its policies and procedures at any time, provided that the changes are documented and implemented.

Key areas your organization needs to address include:

• Develop a policy and procedure template that will be used consistently for the expression of all policy and procedure documents
• Identify the specific policies and procedures that need to be developed to meet compliance requirements of legislations such as HIPAA and others your organization may be impacted by
• Create actual policy and procedure documents that establish business/organizational priorities and processes
• Submit these draft documents for review and input by all key departments within the organization
• Approve the policies and procedures at the highest executive level possible

The HIPAA Academy has developed the healthcare industry’s most comprehensive suite of HIPAA Security policy templates. Review the outline of all HIPAA Academy policies at www.HIPAAAcademy.Net. For more information please contact Lorna.Waggoner@ecfirst.com or call her at 1.515.453.8247 x17.