HIPAA Security Policy Solutions

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Join hundreds of clients who have used Information Shield to save time and money developing a written security and privacy program that complies with the data protection requirements of HIPAA and the adopted revisions of the HiTECH Act. Our publications provide comprehensive topic coverage for both Required and Addressable controls.

Develop Information Security Policies Quickly

Information Security Policies Made Easy

Information Security Policies Made Easy provides a complete set of over 1600 information security policies that cover each of the Required and Addressable controls of the HIPAA Final Security Rule.  Our HIPAA Policy Map lets you easily address the topics you need.  Get started in minutes and save thousands of dollars in consulting fees with our policy templates.  Topics include:  Access Control, Audit and Assessment, Network Security, Workforce Security, Information Protection and Transmission, Incident Response, Third Party (BA) Security, Risk Management, and much more.

» Learn More  » Request a Sample

Simplify HIPAA Compliance

IT Security Made EasyUse ComplianceShield to help automate every aspect of HIPAA compliance, including support for Business Associates and Vendor Management.  Develop and distribute security policies, define and document a HIPAA control framework, educate and train employees, and prepare and manage key evidence all in a single secure platform.   IT security compliance does not have to be difficult and expensive.


» Learn More  » Request a Sample

Document Information Security Roles

Security Roles and Responsibilties

Information Security Roles and Responsibilities Made Easy provides expert guidance and templates for building an effective security organization. According to HIPAA (Assigned Security Responsibility 164.308(a)(2)), security roles and responsibilities are key to implementing an effective control over security. Save your organization hundreds of hours of effort in developing and documenting your security organization.

» Learn More  » Request a Sample

Security Policies and HIPAA Compliance

According to the final security and privacy rules, an organization must develop information security policies and procedures to safeguard private health information. Beyond simply writing policies, however, organizations must establish an environment of information control that includes risk assessments, security awareness training, personnel security, incident response and disaster recovery. Information Shield publications will save organizations hundreds of development hours by providing a complete library of policies and standards that cover each of these critical areas.

The following specific sections of the Security Final Rule are addressed by specific policies in Information Shield publications:

Administrative Safeguards
Security Management Process 164.308(a)(1)
Assigned Security Responsibility 164.308(a)(2)
Workforce Security 164.308(a)(3)
Information Access Management 164.308(a)(4)
Security Awareness and Training 164.308(a)(5)
Security Incident Procedures 164.308(a)(6)
Contingency Plan 164.308(a)(7)
Evaluation 164.308(a)(8)

Physical Safeguards
Facility Access Controls 164.310(a)(1)
Workstation Use 164.310(b) and Workstation Security 164.310(c)
Device and Media Controls 164.310(d)(1)

Technical Safeguards (Sec. 164.312)
Access Control 164.312(a)(1)
Audit Controls 164.312(b)
Integrity 164.312(c)(1)
Person or Entity Authentication 164.312(d)
Transmission Security 164.312(e)(1)

Policies and Procedures and documentation Requirements 164.316
Policies and Procedures 164.316 (a)
Documentation (Maintain the policies and procedures in written form) 164.316 (b)