The simple answer is that Covered Entities and their Business Associates need to protect the privacy and security of protected health information (PHI).
But it gets more complicated when you start to put together a to-do list. As far as action items are concerned, you need to follow the HIPAA Privacy Rule and the HIPAA Security Rule.
On this page, you will find links to UW-Madison's Privacy and Security Rule policies and procedures and its Personnel policies and procedures.
In addition to these policies and procedures, UW-Madison faculty, staff and students are also subject to the policies and procedures of the Health Care Component Unit within which they are employed or assigned (e.g.
This also helps ensure your employees don't forget the important policies and procedures.
Security Metrics is available to periodically help you review policies and revise when necessary.
There are many required changes for HIPAA Compliance manuals, but here are a few of the most important ones.
Pediatric practices must: WARNING: These manuals are templates, meaning they contain sample policies and procedures.
This article is not a definitive list of what is required for HIPAA compliance; you should assign a Privacy Officer to review each rule in its entirety.
Without proper policies in place, your employees may do things to place your data in jeopardy.
Security Metrics HIPAA privacy and security policies help you with correct documentation on security practices, processes, and policies to protect your organization from data theft and achieve compliance with HIPAA regulations.
The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI). Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; your choice must be documented.
(see the HHS answer) It is important to remember that an addressable implementation specification is not optional.