CCG Logo
HIPAA Compliant Hosting

Sample HIPAA Policies

These policies are listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.
Access Control Automatic Log Off
Description: Procedures to ensure automatic logoff is enable in the proper systems
Last Updated: April 24, 2024
Access Control Emergency Access
Description: Procedures for accessing ePHI during an emergency
Last Updated: April 24, 2024
Access Control Encryption
Description: Procedures to ensure automatic logoff is enable in the proper systems.
Last Updated: April 24, 2024
Access Control Unique User ID
Description: Assigns Unique ID to Users and establish basic responsibilities in such User.
Last Updated: April 24, 2024
Administrative Safeguards Policy
Description: General introduction and summary of Security Administrative Standards.
Last Updated: April 24, 2024
Assigned Security Responsibility (2016) Policy
Description: Identify the team member responsible for the development/implementation of the policies and procedures required by the security rule.
Last Updated: January 8, 2024
Assigned Security Responsibility Job Description Policy
Description: Defines the requirements for the Security Officer Job Description.
Last Updated: October 13, 2023
Business Associate Contract Policy
Description: Overall Policy regarding BA Contracts.
Last Updated: April 24, 2024
Business Associate Contract: Written Contract or Other Arrangement (Required)
Description: Policy regarding Business Associate Agreements.
Last Updated: October 13, 2023
Contingency Plan – Application & Data Criticality Analysis Policy (Addressable)
Description: Data criticality log and ranking of systems.
Last Updated: January 8, 2024
Contingency Plan – Data Backup Plan
Description: Delineates organizational procedures used to backup and store PHI.
Last Updated: April 24, 2024
Contingency Plan – Disaster Recovery Plan Policy
Description: Procedures to effectuate the restoration of systems and ePHI.
Last Updated: October 13, 2023
Contingency Plan Emergency Mode Operation Plan Policy
Description: Emergency mode operations basics.
Last Updated: January 8, 2024
Contingency Plan Policy
Description: Basic policy describing actions to mitigate damages in an emergency.
Last Updated: April 24, 2024
Contingency Plan Testing & Revision Procedure Policy (Addressable)
Description: Activities needed to conduct regular testing of disaster recovery plan.
Last Updated: October 13, 2023
Device & Media Controls Disposal Policy
Description: Guidelines for electronic equipment and storage media used in association of protected health information.
Last Updated: April 24, 2024
Device & Media Controls Media Re-use Policy
Description: Guidelines for the removal of ePHI from electronic media before the media is made available for re-use.
Last Updated: October 13, 2023
Device and Media Control Accountability Policy
Description: Track and logging guidelines for all hardware and devices with storage capabilities containing EPHI that is received by or removed from a sensitive area.
Last Updated: December 14, 2023
Device and Media Control Data Backup and Storage Policy
Description: Guidelines for electronic equipment and storage media used in association of protected health information.
Last Updated: November 23, 2023
Evaluation Policy
Description: Policy covering the organization's goal of obtaining satisfactory assurances from team members that he/she will safeguard ePHI.
Last Updated: July 5, 2023
Facility Access Control: Security Plan Policy Overview
Description: Established the overall physical security needs of the office.
Last Updated: January 26, 2024
Facility Access Controls – Faxes Policy
Description: Procedure for transmissions of PHI via facsimile.
Last Updated: July 5, 2023
Facility Access Controls – Maintenance Records Policy Addressable
Description: Explains the basic procedures as they relate to physical repairs and or modification of the facility where operations and support activities take place.
Last Updated: November 23, 2023
Facility Access Controls Access Control & Validation Procedures Policy
Description: Rules Necessary to grant access to information systems.
Last Updated: December 14, 2023
Facility Access Controls Contingency Operations Policy Addressable
Description: Describe controls to access facility, especially during emergencies.
Last Updated: December 14, 2023
Healthcare Clearinghouse Isolation Policy – Info Access Management
Description: Ensures information forwarded to Clearinghouses is protected.
Last Updated: February 7, 2024
HIPAA Security Timely Actions Policy
Description: Actions and Forms - Basic Calendar
Last Updated: July 5, 2023
Info Access: Management Authorization Policy Guide
Description: Limits the risk of unauthorized disclosures.
Last Updated: January 26, 2024
Info Access: Management Policy for Access Modification
Description: Guidelines to establish and modify access.
Last Updated: January 26, 2024
Integrity Policy
Description: Procedures to verify that data within the system has not been altered or destroyed without authorization
Last Updated: July 5, 2023
Internet Access Disclaimer Policy
Description: Used to limit liability if providing Internet access to guest.
Last Updated: July 5, 2023
Login Monitoring Policy: Security Awareness Training
Description: Identify unauthorized attempts to penetrate systems.
Last Updated: January 26, 2024
Password Management: Essential Security Training Guide
Description: Effective process for appropriately creating, changing and safeguarding passwords.
Last Updated: February 12, 2024
Physical Safeguards Policy
Description: One of the key elements. Covers a series of security categories needed to comply with requirements.
Last Updated: July 5, 2023
Security Awareness & Training: Metrics
Description: Identifies topics, gaps in training and assess training program.
Last Updated: July 5, 2023
Security Awareness & Training: Protection from Malicious Software
Description: Prevent security violations created by malicious software.
Last Updated: February 7, 2024
Security Awareness & Training: Security Reminders
Description: Communicate to the workforce changes that may affect the privacy and security.
Last Updated: February 7, 2024
Security Awareness & Training: Training
Description: Basics of the Security Training Program and Policies.
Last Updated: July 5, 2023
Security Incident Procedures: Breach Notification (Required)
Description: Describes to team members potential indicators or reportable events and what actions to take.
Last Updated: February 7, 2024
Security Incident Procedures: Responses & Reporting (Required)
Description: Describes to team members potential indicators or reportable events and what actions to take.
Last Updated: February 7, 2024
Security Management Process: Catalog and Settings
Description: Identify all hardware and software that handles ePHI and ensure security settings are available and have been activated
Last Updated: July 5, 2023
Security Management Process: Current Safeguards
Description: Catalog safeguards in place and risks associated or mitigated by the same.
Last Updated: July 5, 2023
Security Management Process: Emergency Preparedness
Description: Defines components of the Risk Analysis as they cover preparation for emergencies.
Last Updated: July 5, 2023
Security Management Process: Information System Activity Review Policy
Description: Describes procedures used to review records of system activity, such as audit logs, access reports, and security incident tracking reports.
Last Updated: July 5, 2023
Security Management Process: Information System Audit
Description: Describes procedures used to review team members access to records and login attempts.
Last Updated: February 7, 2024
Security Management Process: Risk Analysis (Required)
Description: Defines the Risk Analysis process and key actions regarding the same.
Last Updated: July 5, 2023
Security Management Process: Risk Management (Required)
Description: Defines the Risk Management Program and its purpose.
Last Updated: July 5, 2023
Security Management Process: Risk Management Assignment (Required)
Description: Defines assignment of individual to implement the Security Management Plan.
Last Updated: July 5, 2023
Security Management Process: Risk Management Update
Description: Defines the requirement to update the Management Plan and the reasons that may trigger an update.
Last Updated: July 5, 2023
Security Management Process: Risk Updates
Description: Defines the Risk Analysis process and key actions regarding the same.
Last Updated: July 5, 2023
Security Management Process: Sanction Policy (Required)
Description: Defines appropriate against team members who fail to comply with the security policies and procedures.
Last Updated: July 5, 2023
Security Management Process: Website Privacy Policy
Description: Information needed to be posted in website.
Last Updated: July 5, 2023
Security Management: Risk Analysis (Required)
Description: Steps required to assess and prioritize risk analysis.
Last Updated: July 5, 2023
Security Management: Risk Management (Required)
Description: Risk Management Actions.
Last Updated: July 5, 2023
Security Management: Whistleblowers
Description: Describes basic treatment and protection of whistleblowers.
Last Updated: July 5, 2023
Unauthorized Release of Protected Health Information
Description: Breach Procedures.
Last Updated: July 5, 2023
Use Of Voice Assistants
Description: Policy covering the use and presence of voice assistants in the work area.
Last Updated: July 5, 2023
Website Privacy Policy
Description: Describes how patient information collected by our website may be used.
Last Updated: July 5, 2023
Workforce Security: Access Control
Description: Explain access procedures to team members.
Last Updated: July 5, 2023
Workforce Security: Authorization and/or Supervision (Addressable)
Description: Procedures for the authorization/supervision of team members who work with ePHI or in locations where it might be accessed.
Last Updated: July 5, 2023
Workforce Security: Clearance Policy
Description: Procedures for the screening of new employees prior to granting authorization and access to PHI.
Last Updated: July 5, 2023
Workforce Security: Policy on Policies
Description: This policy addresses the process for developing, issuing and maintaining our policies and applies to all team members and associates.
Last Updated: July 5, 2023
Workforce Security: Termination Procedures (Addressable)
Description: Secure data from those who are no longer authorized access.
Last Updated: July 5, 2023
Workstation Security (Required)
Description: Implements physical security for all workstations and portable devices that access PHI.
Last Updated: July 5, 2023
Workstation Use (Required)
Description: Define specific uses of workstations, basic considerations and authentication.
Last Updated: July 5, 2023
Workstation Use: Cell phones
Description: Control use and information of cell phones.
Last Updated: July 5, 2023
Workstation Use: Electronic Communication
Description: Identifies the proper use of available resources.
Last Updated: July 5, 2023
Workstation Use: Personal Digital Assistants (PDAs)
Description: Defines use of the PDAs that connect to the office network.
Last Updated: July 5, 2023
Workstation Use: Remote Access & Work at Home
Description: Specifies the physical attributes of workstations located outside the confines of the main office.
Last Updated: July 5, 2023

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
CCG Logo
HIPAA Compliant Hosting
The premier choice for HIPAA Compliant Hosting services in the United States.
© HIPAA Compliant Hosting. All rights reserved.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram