HIPAA Investigations Policy Template
Secure your company's compliance with the HHS investigation and recordkeeping requirements with our HIPAA Investigations Policy Template. This pre-made, professionally designed policy provides guidance and structure to Covered Entities (CEs) and Business Associates (BAs) regarding their responsibilities during investigations conducted by the Office for Civil Rights (OCR). The policy outlines the process for responding to OCR requests for investigation records, ensuring that both parties are properly informed from the start. It also covers conducting internal investigations related to security incidents or other potential privacy violations.
The template is developed in line with federal regulations and addresses all CEs and BAs covered under HIPAA. It includes step-by-step instructions on how to prepare a response plan in anticipation of future requests as well as specific processes that need to be followed when responding to an investigation request. Additionally, it stipulates best practices needed during an internal privacy breach investigation, such as reporting policies, disciplinary measures, ongoing monitoring activities and cooperation procedures with outside entities.
SAMPLE TEXT: ENTITY NAME has adopted this HIPAA Investigations Policy in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 (Title XIII of division A and Title IV of division B of the American Recovery and Reinvestment Act “ARRA”) and the HIPAA Omnibus Final Rule (Effective Date: March 26, 2013). We acknowledge that full compliance with the HIPAA Final Rule is required by or before September 23, 2013.
ENTITY NAME hereby acknowledges our duty and responsibility to protect the privacy and security of Individually Identifiable Health Information (“IIHI”) generally, and Protected Health Information (“PHI”) as defined in the HIPAA Regulations, under the regulations implementing HIPAA, other federal and state laws protecting the confidentiality of personal information, and under principles of general and professional ethics. We also acknowledge our duty and responsibility to support and facilitate the timely and unimpeded flow of health information for lawful and appropriate purposes.
Each of our HIPAA templates is in Microsoft Word (.docx) format for easy editing. Each template is guaranteed to be fully HIPAA & HITECH compliant when properly implemented.