
How to Write and Adopt HIPAA Policies and Procedures?


Course Description:

Most HIPAA Security Standards do not require the implementation of any specific security measure. Rather, they require covered entities and business associates to write and adopt policies and procedures. For example, the Security Rule does not require you to terminate access in any particular way. Rather, you must have a Termination Procedure spelling out how you will terminate access. A number of six- and seven-figure fines from HHS have involved not having policies or procedures or not having adequate ones. And HHS has fined violators in excess of $1 million for not having policies not even mentioned in HIPAA. Massachusetts General Hospital, for example, was fined $1 million for leaving paper PHI on a subway. No work-at-home policy! No such policy is mentioned in HIPAA.

And just having a policy is not enough; it must say what you want it to say understandably and be enforceable.

Why should you Attend?

This 60-minute webinar on "How to Write and Adopt HIPAA Policies and Procedures", given by an expert HIPAA consultant, author, attorney, and expert witness, will begin with an introduction stressing the importance of complying with the requirement to write and adopt policies and procedures, both those expressly stated and those that may also be necessary and whose absence has resulted in a fine.

After the introduction, the seminar will focus on why we need to understand this topic, how to use the HIPAA-required Risk Analysis to help you decide which policies and procedures to develop, and how to conduct research before drafting policies and procedures by asking and answering the right questions, soliciting help, and collecting samples. Then it will cover how to draft policies and procedures that comply with HIPAA’s requirements, based on sound principles of substance, organization, coherence, style, and correctness.

Once policies are adopted, HIPAA requires covered entities and business associates to revise policies and procedures, including steps of reviewing, incorporating recommended changes, and implementing.

Then the webinar will help you decide whether you must draft addressable policies under HIPAA, that is, policies that you only have to implement if it is reasonable and appropriate to do so. Then it covers how to decide whether you need any other policies not mentioned by HIPAA, followed by a conclusion and question and answer.

The webinar will conclude with a summary and a question and answer session.

Areas Covered:

Topics that will be covered in the session:

  • Using the HIPAA-required risk analysis to help you determine what policies to adopt and what they should say.
  • How to research what the policy should be.
  • Drafting—the five elements of good drafting.
  • Revising.
  • Adopting and implementing.
  • What policies and procedures are required.
  • What policies and procedures are addressable—you must implement them if they are reasonable and appropriate in your situation.
  • What other policies might you need?

Who will benefit?

This webcast will be of valuable assistance to the following audience:

  • Director of Health Information Management
  • Medical Records Supervisors and Personnel
  • Compliance Officers
  • Security and Privacy Officers
  • Office Managers
  • IT Supervisors
  • Risk Managers
  • Quality Assurance Officers
  • Healthcare Attorneys
  • Practice Owners and Managers
  • HIPAA consultants

Registration Options

Avail 12 months of unlimited access for a single user.

Material shipped within 15 days after webinar completion, with lifetime access for unlimited participants.



Speaker Details



Healthcare Attorney, Author and President of EMR Legal

Jonathan P. Tomes has been an expert witness in litigation involving health information compliance issues and is the President of EMR Legal, Inc., a national HIPAA consulting firm. His knowledge of the law and of the practical aspects of handling security incidents to avoid liability provides a rare opportunity for compliance officers and medical records veterans and novices alike. Mr. Tomes has presented seminars nationally for more than 20

Refund Policy

Participants/registrants for our live events may cancel up to 72 hours prior to the start of the live session, and ComplianceTrain will issue a letter of credit to be used towards any of ComplianceTrain's future events. The letter of credit will be valid for 12 months.

ComplianceTrain will process a refund in cases where the event has been cancelled and is not rescheduled within 90 days from the original scheduled date of the webinar. If a live webinar is cancelled, participants/registrants may choose between a recorded version of the course or a refund. Refunds will not be processed for participants who do not show up for the webinar. A webinar may be cancelled due to unavoidable circumstances; participants will be notified 24 hours before the scheduled start of the event. Contact us via email: