Templates

HIPAA Security Templates

These are the same required-document templates found in the Risk Assessment and Policies and Procedures tools.

• Applications and Data Criticality Analysis
• Applications and Data Criticality Analysis Template (Form)
• Breach Training for Employees
• Configuration Change Policy
• Contingency Plan
• Data Backup Policy
• Emergency Plan Testing Policy and Procedure
• Encryption Policy
• Evaluation Policy
• Facility Access Controls Policy
• HIPAA Violation Sanction Policy
• Information System Activity Review Policy
• Integrity Controls Policy
• Internet and Email Use Policy
• IT System Maintenance Policy
• Media Sanitization and Disposal Policy
• Mobile Devices Policy
• Paper Sanitization Policy
• Password Policy
• Patch Management Policy
• Person or Entity Authentication
• Protection from Malicious Software Policy
• Remote Access Policy
• Risk Management Policy
• Security Awareness Training Policy
• Security Incident Response Plan
• Security, Privacy, Breach Policy
• Security Program for Security Officer
• Technical Safeguards – Access Control Policy
• Termination Policy
• Transmission Security Policy
• Uses and Disclosures of PHI
• Wireless Security Policy
• Workstation Security Policy

HIPAA Privacy & Form Templates

These templates are not found in the Risk Assessment or Policies and Procedures tool. Remember, it is prohibited to upload or in any other way insert Protected Health Information (PHI) into the HIPAAgps system.

*** Indicates that the template should not to be uploaded to the HIPAAgps system once filled.

• Acknowledgement of Request for Access Letter
• Acknowledgement of Receipt of NPP ***
• Authorization Form
• Confidential Communications
• Completion of Investigation
• Designated Record Set
• Employee Documentation
• Fax & Email Privacy Notice
• HIPAA Privacy Policy for Business Associate
• HIPAA Privacy Program Policy
• Notice of Privacy Practices
• Notice of Privacy Practices Policy
• Patient’s Rights Policy
• Personal Representatives – Deceased Individuals
• Privacy Complaint Form ***
• Privacy Complaint Log ***
  • Privacy Complaint Log Spreadsheet ***
• Receipt of Complaint
• Receipt of Request for Review
• Request for Accounting of Disclosures Form ***
• Request for Access Form ***
  • Request for Access Approval
  • Request for Access Denial
  • Right to Access – Request for Review of Denial
  • Right to Access – Final Determination
• Request for Additional Time to Respond
• Request for AOD from Business Associate
• Request for Communication Accommodation Form
  • Communication Request Acceptance
  • Communication Request Denial
  • Request to Terminate Communication Accommodation
  • Termination of Communication Accommodation
• Request Restriction on PHI ***
  • Restriction of Uses and Disclosures Acceptance Letter
  • Restriction of Uses and Disclosures Denial Letter
  • Request to Terminate Restriction on Uses and Disclosures
  • Termination of Restriction of Use and Disclosure Letter
• Security Incident Response Form ***
• Termination Checklist
• Workstation Use Privacy Acknowledgement

Business Associate Agreement Templates and Questionnaire

These documents are to be used in your business associate relationships. The questionnaire can be used to help you assess your associates’ levels of HIPAA compliance.

• Business Associate Agreement
• Cover Letter for BAA Changes
• HIPAA BAA Questionnaire
• Request for AOD from Business Associate