HIPAAtools – The Do-It-Yourself HIPAA Compliance Toolkit for Small Business Associates and Covered Entities

HIPAA compliance for the small organization — a digital health start-up, a small or solo medical or dental or other practice or clinic, a small consultancy serving health care clients — has proved daunting for many.

There is now a solution tailored to your needs and budget.

The HIPAAtools℠ package includes, for one affordable subscription price, all of the following:

  • HIPAA Privacy and Security Policies and Procedures (with user-friendly summaries and videos)
  • HIPAA Risk Assessment Tools
  • Business Associate Agreement Templates
  • HIPAA Training Resources
  • HIPAA Training and Testing Recordkeeping
  • Online Repository for all HIPAA Compliance Records, including Business Associate Agreements
  • Access to Educational and Informative Articles and Blog Posts and Webinars About HIPAA
  • Cyberliability Insurance Information and Broker Contacts
  • Referrals on Request for Penetration Testing, Custom Risk Assessment and Other HIPAA Compliance Services

This is a subscription service. The first year’s subscription includes the initial setup and documentation. Subsequent years’ subscriptions (available at a heavily discounted rate) maintain access to the resources online. Repeat online risk assessments are included, but custom risk assessments are priced separately. Fill out the HIPAAtools℠ order form now and your HIPAA compliance program could be humming along in no time.

The portal comes loaded with policies and procedures that address all of the requirements of the HIPAA rules:

1.  Administrative Safeguards

These provisions are defined in the Security Rule as the “administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”

Policies and Procedures include:

  • Security Management Process
  • Assigned Security Responsibility
  • Workforce Security
  • Information Access Management
  • Security Awareness and Training
  • Security Incident Procedure
  • Contingency Planning
  • Evaluation
  • Business Associate Contracts

2.  Physical Safeguards

These provisions are defined as the “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”

Policies and Procedures include:

  • Facility Access Controls
  • Workstation Use
  • Workstation Security
  • Device and Media Control

3.  Technical Safeguards

These provisions are defined as the “technology and the policy and procedures that protect electronic protected health information and control access to it (the ePHI).”

Policies and Procedures include:

  • Access Control
  • Audit Control
  • Person or Entity Authentication
  • Transmission Security

Each Policy and Procedure is a separate Microsoft Word document. The Policies and Procedures are customized for your organization.

Covered Entities also receive a full HIPAA Privacy Manual that addresses the requirements of the HIPAA Privacy Rule.

Custom services and advising are available through The Harlow Group LLC. For more information about The Harlow Group’s HIPAA practice, see HIPAA Services.

Don’t delay: Order your HIPAAtools subscription today, so that you can build, maintain and document your HIPAA compliance program, and achieve some needed peace of mind. Why leave yourself open to government fines and civil liability for failure to implement and document an appropriate HIPAA compliance plan?

Order today and you can be all set up in as little as five business days.

If you have any questions before you order, or if you require custom services, please contact us.

This service should not be confused with legal or other professional advice (which is available to clients of The Harlow Group LLC). Read the disclaimer.