HIPAA Security Policy & Procedures Development & Maintenance

Security Compliance Associates (SCA) will review, revise, modify and document existing information security policies and procedures, draft additional policies and procedures as necessary to enhance and organize our clients written policies and procedures utilizing a three-tiered compliance model.

INFORMATION SECURITY POLICIES

The Information Security Policy, approved by the Board or executive practice management, is the compliance-oriented document that provides the strategic direction for your practice and delegates to management the responsibility and authority to implement the Information Security Program.

INFORMATION SECURITY STANDARDS AND PROCEDURES

The standards document will define the principles, values and environment. Standards also define the authorized use of information and compliance requirements. Procedures specify step-by-step directions for compliance with standards.

EMPLOYEE GUIDELINES

Employee Guidelines consist of those elements of the practices’ standards and procedures that affect every employee and are augmented with the practice’s appropriate use standards. The Employee Guidelines do not contain elements of the standards and procedures that are designed for management and IT staff. The Employee Guidelines provide a guide for meeting mandated training requirements.

POLICIES AND PROCEDURES MAINTENANCE

Throughout the term of the contract, SCA will modify the healthcare providers policy and procedures as necessary to keep pace with changes in law or regulation, changes in technology, changes in management and/or changes in operations that may impact the practice’s Information Security Policies and Procedures.