sample policies (HIPAA)
HIPAA's Privacy Rule and Security Rule both require that a covered entity develop comprehensive information policies...

... with respect to protected health information that are designed to comply with the standards, implementation specifications, or other requirements of [the regulations]. The policies and procedures must be reasonably designed, taking into account the size of and the type of activities that relate to protected health information undertaken by the covered entity, to ensure such compliance.

In other words, while the regulations set what must be covered in such policies, organizations are given leeway to develop specifics that are reasonable and appropriate given their situations.

The following organizations' policies provide examples of approaches to this task:

This list focuses on University-affiliated health care organizations, which tend to be large and for the most part represent the high-complexity end of the spectrum. But even within this group there is considerable variation in the size and intricacy of policies.

The two Workgroup for Electronic Data Interchange (WEDI) reports listed below provide detailed guidance on implementing HIPAA-compliant policies. Many commercial templates are also available, for a fee.
See also: