The HIPAA Policy on Security Incident Procedures governs responses to Security Incidents involving the breach or compromise of Protected Health Information for the covered entity. All personnel of a covered entity must comply with this policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every member of the workforce.
SAMPLE TEXT: ENTITY NAME has adopted this Policy regarding Security Incident Procedures in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 (Title XIII of division A and Title IV of division B of the American Recovery and Reinvestment Act “ARRA”) and the HIPAA Omnibus Final Rule (Effective Date: March 26, 2013). We acknowledge that full compliance with the HIPAA Final Rule is required by or before September 23, 2013.