Category
Home Care
Category
Accreditation and Compliance
Category
Medical Staff
Category
Medical Office/Medical Group
Category
Long-Term Care
Category
Ambulatory Care
Category
Behavioral Health
Category
Medical Records/Information Management
Category
HIPAA

HIPAA Guidelines Policy and Procedure Manual for Healthcare Organizations

HIPAA Guidelines Policy and Procedure Manual for Healthcare Organizations is a manual containing many of our policy and procedure templates for the medical office, hospital, and other healthcare organizations. The policies cover: Joint Commission (JCAHO or TJC) • CMS • HIPAA • CDC • AAAHC and more.

This manual has been retired and is not available for purchase.
Table of ContentsCopyrightDisclaimer
SECTION I - PRIVACY
Uses and Disclosures of Protected Health Information - General RulesUses and Disclosures of Protected Health Information - Minimum NecessaryUses and Disclosures Under a Restricted AgreementRestriction Agreement - Release of Patient Protected Health Information Consent FormDisclosures to Business AssociatesSample Contract: Business AssociateDeceased IndividualsPersonal RepresentativesConfidential CommunicationsUses and Disclosures Consistent with NoticeDisclosures by Whistleblowers and Workforce Member Crime VictimsUses and Disclosures - Organizational RequirementsConsent for Uses or Disclosures to Carry Out Treatment, Payment or Healthcare OperationsDisclosure of Protected Health Information During Disaster Relief EffortsPatient Consent for the Release of Protected Health Information FormUses and Disclosures for Which an Authorization is RequiredPatient Authorization Form - Use and Disclosure of Protected Health InformationUses and Disclosures for Which an Authorization is Required - Defective AuthorizationUses and Disclosures for Which an Authorization is Required - Compound AuthorizationWaiver of Authorization FormUses and Disclosures Requiring an Opportunity for the Individual to Agree or to ObjectUses and Disclosures for an Authorization or Opportunity to Agree or Object is Not RequiredUses and Disclosures for an Authorization or Opportunity to Agree or Object is Not Required; Uses and Disclosures for Research PurposesWaiver of Authorization Form - Research ProjectInterpreter Services and Protected Health InformationUses and Disclosures of Protected Health Information - De Identifying and Re-Identifying Protected Health InformationUses and Disclosures of Protected Health Information - Minimum Necessary RequirementsUses and Disclosures of Protected Health Information for MarketingLimited Data SetData Use Agreement FormUse and Disclosure of Protected Health Information for FundraisingVerification of Identity and Authority of Persons Requesting Protected Health InformationDisclosure of Protected Health Information to Law Enforcement Without Individual AuthorizationNotice of Privacy Practices for Protected Health InformationPatient Privacy Notice HandoutIndividual's Right to Request Privacy Protection for Protected Health InformationRight to Request Privacy Protection for Protected Health Information - Confidential Communications RequirementsAccess of Individuals to Protected Health InformationAmendment of Protected Health InformationAccounting of Disclosures of Protected Health InformationNotification of Breach of Protected Health InformationAdministrative RequirementsPosition Description/Performance Evaluation - (Chief) Privacy/Security Officer)Annual Competency Skills Assessment - (Chief) Privacy/Security Officer)Staff TrainingSafeguardsComplaintsSanctionsMitigationRefraining from Intimidating or Retaliatory Acts Development and Implementation of Protected Health Information Policies and Procedures
SECTION II - SECURITY
General SecurityEmployee Training Log for Computer/Fax StationsList of Computer Stations That Can Create/Transmit Protected Health InformationList of Fax Machines That Can Create/Transmit Protected Health InformationAdministrative Safeguards - Risk AnalysisInventory of Electronic Protected Health Information and Information SystemsAdministrative Safeguards - Risk ManagementAdministrative Safeguards - SanctionsStatement of Adherence - Security Policies and ProceduresAdministrative Safeguards - Information System Activity ReviewAdministrative Safeguards - Privacy/Security OfficerAdministrative Safeguards - Workforce Authorization/SupervisionAdministrative Safeguards - Workforce Clearance and Access AuthorizationAdministrative Safeguards - Workforce TerminationAdministrative Safeguards - Isolating Healthcare Clearinghouse FunctionsConfidentiality StatementReceipt of Access CodeSecurity Code for Computer AccessAdministrative Safeguards - Access Establishment and ModificationAdministrative Safeguards - Security Awareness and TrainingAdministrative Safeguards - Security RemindersAdministrative Safeguards - Protection from Malicious SoftwareAdministrative Safeguards - Log-in MonitoringAdministrative Safeguards - Password ManagementAdministrative Safeguards - Security Incident Procedure - Response and ReportingSecurity Incident: Confidential Information FormSecurity Incident LogAdministrative Safeguards - Contingency PlanAdministrative Safeguards - Data Backup PlanAdministrative Safeguards - Disaster Recovery PlanAdministrative Safeguards - Emergency Operations PlanAdministrative Safeguards - Testing and Revision ProceduresAdministrative Safeguards - Applications and Data Criticality AnalysisAdministrative Safeguards - EvaluationAdministrative Safeguards - Business Associate/Written Contract or Other ArrangementPhysical Safeguards - Facility Access ControlsPhysical Safeguards - Contingency OperationsPhysical Safeguards - Facility Security PlanPhysical Safeguards - Access Control and Validation ProcedurePhysical Safeguards - Medical Records/Health Information Management Department MaintenanceMaintenance of Computer Software ProgramsPhysical Safeguards - Workstation UsePhysical Safeguards - Workstation SecurityPhysical Safeguards - Device and Media ControlsPhysical Safeguards - Device and Media Controls - DisposalPhysical Safeguards - Device and Media Controls - Media ReusePhysical Safeguards - Device and Media Controls - AccountabilityPhysical Safeguards - Device and Media Controls - Data Backup and StorageTechnical Safeguards - Unique User IdentificationTechnical Safeguards - Emergency AccessTechnical Safeguards - Automatic Log-OffTechnical Safeguards - Encryption and DecryptionTechnical Safeguards - Audit ControlsTechnical Safeguards - Method to Authenticate Electronic Protected Health InformationTechnical Safeguards - Authenticate Person/EntityTechnical Safeguards - Transmission SecurityTechnical Safeguards - Integrity ControlsOrganizational Requirements - Business Associate ContractsOrganizational Requirements - Other ArrangementsSample Contract: Business Associate - Electronic Protected Health InformationDocumentation Requirements - Policies and ProceduresDocumentation Requirements - Time Limit, Availability, Updates