HIPAA Security Policy Solutions

Health Insurance Portability and Accountability Act of 1996

Information Shield publications are an excellent investment for both payers and providers concerned with HIPAA security and privacy compliance. Written security policies are not only required for HIPAA Privacy and Security, but well-written policies are the cornerstone of any due-care security environment.

Information Security Policies Made Easy provides a complete set of security policies and standards that cover both "required" and "addressable" standards and can easily be customized for any organization. ISPME includes:

Over 1300 pre-written information security polices and standards ready to customize.
Complete policy coverage for both "required" and "addressable" standards.
Detailed implementation advice to create an effective security environment.
Policies targeted at different organizational roles (management, technical, end-user).

The Privacy Management Toolkit provides expert guidance and time saving tools for building and maintaining a privacy governance program according to international guidelines. The PMTK includes:

A complete data privacy policy library with over 100 individual pre-written policies
Expert advice on establishing a Privacy Governance program.
Coverage on over 25 U.S. and international privacy laws.
A complete Privacy Impact Assessment to benchmark your privacy program against OECD Privacy Principles.
How to identify, document and protect Personally Identifiable Information (PII) in your organization.
A complete data privacy breach impact calculator.

Information Security Roles and Responsibilities Made Easy provides expert guidance and templates for building an effective security organization. According to HIPAA, information security roles and responsibilities must be defined (164.308(a)(2)). Information Security Roles and Responsibilities Made Easy is the only resource available that can save your organization hundreds of hours of effort in developing your security organization. Information Security Roles and Responsibilities Made Easy contains:

40 pre-written job description with detailed security requirements for each job function.
Pre-written organization charts that map security roles and reporting relationships.
Detailed implementation advice to create an effective security environment.
Advice on proper staffing and budgeting for security roles.
Standard practices that have been shown to be effective at over 125 organizations around the world .

Policies and HIPAA Requirements

According to the final security and privacy rules, an organization must develop policies and procedures to safeguard private health information. Beyond simply writing policies, however, organizations must establish an environment of information control that includes risk assessments, security awareness training, personnel security, incident response and disaster recovery. Information Shield publications will save organizations hundreds of development hours by providing a complete library of policies and standards that cover each of these critical areas.

The following specific sections of the Security Final Rule are addressed by specific policies in Information Shield publications:

Administrative Safeguards
Security Management Process 164.308(a)(1)
Assigned Security Responsibility 164.308(a)(2)
Workforce Security 164.308(a)(3)
Information Access Management 164.308(a)(4)
Security Awareness and Training 164.308(a)(5)
Security Incident Procedures 164.308(a)(6)
Contingency Plan 164.308(a)(7)
Evaluation 164.308(a)(8)

Physical Safeguards
Facility Access Controls 164.310(a)(1)
Workstation Use 164.310(b) and Workstation Security 164.310(c)
Device and Media Controls 164.310(d)(1)

Technical Safeguards (Sec. 164.312)
Access Control 164.312(a)(1)
Audit Controls 164.312(b)
Integrity 164.312(c)(1)
Person or Entity Authentication 164.312(d)
Transmission Security 164.312(e)(1)

Policies and Procedures and documentation Requirements 164.316
Policies and Procedures 164.316 (a)
Documentation (Maintain the policies and procedures in written form) 164.316 (b)

For more information on using Information Shield solutions for your HIPAA compliance efforts, please contact us.

"(R) Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart."

- HIPAA Security Final Rule, 164.316 (a) Polices and Procedures

"Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity."

- Assigned Security Responsibility Standard 164.308(a)(2)

"Essentially, a covered entity is required to develop and implement policies and procedures appropriate to the entity's business practices and workforce that reasonably minimize the amount of protected health information used, disclosed, and requested;"

- HIPAA Privacy Rule 45 CFR Part 160

"Information Security Policies Made Easy is an indispensable tool for anyone who needs to develop a HIPAA security policy. Those who are familiar with the hardbound version of the classic work by Charles Cresson Woods will be amazed by this interactive format. Navigation aids such as the 'find' command allowed me to cut my development time considerably."

Harry E. Smith, CISSP, Co-Founder
PrivaPlan Associates, Inc.