HIPAA HITECH Policies & Procedures

Our HIPAA HITECH Program |HIPAA-HITECH Overview |Security Risk AnalysisRisk Mitigation| Risk Management

Policies and Procedures

The Final Rule requires that “A covered entity must, in accordance with 45 C.F.R. § 164.306, implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements [of the Final Rule]”.

The Office of Civil Rights (OCR) has established 169 protocols to determine compliancy when completing an audit.  Each protocol’s audit procedure requires auditors to “Inquire of management as to whether formal or informal policies or practices exist…”

For Example, the Audit Procedure for §164.308 Establish a Workforce Clearance Procedures reads:

“Inquire of management as to whether procedures exist for granting access to ePHI. Obtain and review policy and procedures and evaluate the content in relation to the relevant specified performance criteria. Obtain and review evidence of approval or verification of access to ePHI.”

Policies, Procedures, and Plans…Oh my!

We know your busy running a medical office and that undertaking the development of policies and procedures to comply with 169 protocols would be an insurmountable task…even if there were two of you.

For that reason, Allstate IT Solutions has developed a comprehensive Information Security Program supplemented by a Business Continuity Program.  These Programs can easily be tailored to the specifics of your practice without your having to devote hours of research into requirements, best practices, and governing guidelines. For a look at the Table of Contents for each Program, click on the thumbnail below.


Benefits of Allstate IT Solutions HIPAA HITECH Policies and Procedures Program

  • All documents will be delivered to you in word format so that they can be “updated or maintained to reflect changes in the covered entity’s environment” as required by the audit protocols.
  • Sections that should be customized by your practice are highlighted in yellow for easy identification.
  • Consulting services are available to you for the customization of policies and procedures.
  • Peace of mind knowing that you will be able to answer “YES” each time the auditor asks you, “Do you have a policy or procedure for…”.