HIPAA Security Policy Solutions

Health Insurance Portability and Accountability Act of 1996

Information Shield publications are an excellent investment for both payers and providers concerned with HIPAA security and privacy compliance. Written security policies are not only required by HIPAA Privacy and Security; well-written policies are also the cornerstone of any due-care security environment.

Develop Security Policies Quickly

Information Security Policies Made Easy provides a complete set of security policies that cover each of the 17 key NIST assessment areas. Organizations can save time and money implementing Level 1 compliance by customizing our library of over 1400 pre-written policies.


Keep Security Policies Up to Date

The PolicyShield Information Security Policy Subscription service is the most cost-effective way to keep security policies updated against the latest technologies, threats and regulatory changes. Save time and money as our experts write the security policies and implementation advice you need when you need them!


Document Security Roles

Information Security Roles and Responsibilities Made Easy provides expert guidance and templates for building an effective security organization. According to NIST, security roles and responsibilities are key to implementing effective control over security. Save your organization hundreds of hours of effort in developing and documenting your security organization.

Policies and HIPAA Requirements

According to the final security and privacy rules, an organization must develop policies and procedures to safeguard private health information. Beyond simply writing policies, however, organizations must establish an environment of information control that includes risk assessments, security awareness training, personnel security, incident response and disaster recovery. Information Shield publications will save organizations hundreds of development hours by providing a complete library of policies and standards that cover each of these critical areas.

The following specific sections of the Security Final Rule are addressed by specific policies in Information Shield publications:

Administrative Safeguards
Security Management Process 164.308(a)(1)
Assigned Security Responsibility 164.308(a)(2)
Workforce Security 164.308(a)(3)
Information Access Management 164.308(a)(4)
Security Awareness and Training 164.308(a)(5)
Security Incident Procedures 164.308(a)(6)
Contingency Plan 164.308(a)(7)
Evaluation 164.308(a)(8)

Physical Safeguards
Facility Access Controls 164.310(a)(1)
Workstation Use 164.310(b) and Workstation Security 164.310(c)
Device and Media Controls 164.310(d)(1)

Technical Safeguards (Sec. 164.312)
Access Control 164.312(a)(1)
Audit Controls 164.312(b)
Integrity 164.312(c)(1)
Person or Entity Authentication 164.312(d)
Transmission Security 164.312(e)(1)

Policies and Procedures and Documentation Requirements 164.316
Policies and Procedures 164.316(a)
Documentation (Maintain the policies and procedures in written form) 164.316(b)

HIPAA Requirements
"(R) Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart."
- HIPAA Security Final Rule, 164.316(a) Policies and Procedures

"Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity."
- Assigned Security Responsibility Standard 164.308(a)(2)

"Essentially, a covered entity is required to develop and implement policies and procedures appropriate to the entity's business practices and workforce that reasonably minimize the amount of protected health information used, disclosed, and requested;"
- HIPAA Privacy Rule 45 CFR Part 160