HIPAA Policy on Security Incident Procedures Template

The HIPAA Policy on Security Incident Procedures Template is designed to provide standardized security procedures and incident response processes that meet the HIPAA Security Rules regulations. Our template will help ensure your organization is compliant while protecting your data, systems, and other physical devices from unauthorized access or disclosure. Additionally, it provides a framework to identify, respond to and mitigate any suspected or known security incidents.

Our template covers all necessary steps of responding to a security incident such as determining who handles the incident response process, understanding when to notify authorities, creating an effective notification plan and following up with required documentation. It elaborates on how all pertinent parties associated with the incident must coordinate instructions at each stage of the investigation in a timely manner. With our template, healthcare providers can rest assured knowing the foundation for a successful response plan is in place if a security incident occurs.

SAMPLE TEXT: ENTITY NAME has adopted this Policy regarding Security Incident Procedures in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 (Title XIII of division A and Title IV of division B of the American Recovery and Reinvestment Act “ARRA”) and the HIPAA Omnibus Final Rule (Effective Date: March 26, 2013). We acknowledge that full compliance with the HIPAA Final Rule is required by or before September 23, 2013.

ENTITY NAME hereby acknowledges our duty and responsibility to protect the privacy and security of Individually Identifiable Health Information (“IIHI”) generally, and Protected Health Information (“PHI”) as defined in the HIPAA Regulations, under the regulations implementing HIPAA, other federal and state laws protecting the confidentiality of personal information, and under principles of general and professional ethics. We also acknowledge our duty and responsibility to support and facilitate the timely and unimpeded flow of health information for lawful and appropriate purposes.

Each of our HIPAA templates are in Microsoft Word (.docx) format for easy editing. Each template is guaranteed to be fully HIPAA & HITECH compliant when properly implemented.