This HIPAA Business Associates Policy Template is in Microsoft Word (.docx) format for easy editing. Each template is guaranteed to be fully HIPAA & HITECH compliant when properly implemented.
HIPAA Business Associates Policy Template
The HIPAA Policy on Evaluating the Effectiveness of Security Policies and Procedures is an essential tool for protecting your organization. This policy outlines the requirements for periodic technical and non-technical evaluations that are needed to ensure that your security policies and procedures meet the requirements of this subpart of the HIPAA Privacy rule. Our team of experts has designed a comprehensive policy that can help you comply with all the regulations outlined by HIPAA and ensure maximum data security.
This policy will cover everything from risk assessment, to implementation guidance on safeguards, to standards for ensuring effectiveness. We’ll provide detailed instructions on how to execute these necessary evaluations, offering advice on specific measures you can take in order to guarantee optimal results. It is also tailored according to your individual business needs, taking into account complex organizational structures, distributed systems, medical applications, and other elements unique to your situation.
SAMPLE TEXT: ENTITY NAME has adopted this Business Associates Policy in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 (Title XIII of division A and Title IV of division B of the American Recovery and Reinvestment Act “ARRA”) and the HIPAA Omnibus Final Rule (Effective Date: March 26, 2013). We acknowledge that full compliance with the HIPAA Final Rule is required by or before September 23, 2013.
ENTITY NAME hereby acknowledges our duty and responsibility to protect the privacy and security of Individually Identifiable Health Information (“IIHI”) generally, and Protected Health Information (“PHI”) as defined in the HIPAA Regulations, under the regulations implementing HIPAA, other federal and state laws protecting the confidentiality of personal information, and under principles of general and professional ethics. We also acknowledge our duty and responsibility to support and facilitate the timely and unimpeded flow of health information for lawful and appropriate purposes.
| Applicable Section(s) | 164.308(b)(1), 164.410, 164.502(e), 164.504? |