Shopping Cart
Your Cart is Empty
There was an error with PayPalClick here to try again
CelebrateThank you for your business!You should be receiving an order confirmation from Paypal shortly.Exit Shopping Cart

Policy & Procedure Documents

All policies and procedures will be tailored to your business and its needs. SHC can brand the documents with your company's logo and personalize each procedure as you see fit. 


SHC will review and update documentation current compliance program.

The following documents will be included in all packages (as needed) and fulfill the Organizational and Policy & Procedure components of HIPAA regulation 45CFR 164.314/164.316:

Security Management Process

  1. Risk Analysis
  2. Risk Management
  3. Sanction Policy
  4. Information System Activity Review

Information Access Management

  1. Access Authorization 
  2. Establishment and Modification
  3. Isolating Clearinghouse Functions 
Workforce Security

(Administrative Safeguards)

  1. Termination Procedure
  2. Workforce Clearance
  3. Authorization and Supervision
Assigned Security Responsibility

Audit Controls

Access Controls 

  1. Automatic Log-Off
  2.  Unique User ID 
  3. Emergency Access Procedure
  4. Encryption and Decryption 

Breach Notification

Data Integrity Controls Procedures

Documentation Availability Policy

Documentation Policy

Documentation Updating Policy

Security Incident Procedures
  1. Response and Reporting
Transmission Security

  1. Encryption (Transmission)
  2. Integrity Controls

Facility Access Controls
  1. Maintenance Records 
  2. Contingency Operations Procedures
  3. Access Control and Validation
  4.  Security Incident Procedures
Security Awareness & Training

  1. Security Reminders
  2. Protection from Malicious Software
  3. Log-in Monitoring
  4. Password Management

Device and Media Control
  1. Disposal
  2. Media Reuse
  3. Accountability
  4. Data Backup & Storage

HIPAA Documentation Retention Policy

HIPAA State Law Preemption Policy

HIPAA Training Policy

Information Systems Activity Review Policy

Password Management Policy

Patient Rights Policy

Person or Entity Authentication

PHI Uses and Disclosures Policy

Contingency Plan
  1. Data & Applications Criticality Analysis 
  2. Data Backup Plan 
  3. Disaster Recovery Plan
  4. Emergency Mode Operations Plan 
  5. Testing and Revision Procedures
Workstation Use

Workstation Security 

(Physical Safeguards)


  1. Mechanism to Authenticate ePHI

Person or Entity Authentication 


Business Associate Contract & Other Arrangements

  1. Written Contract or other Arrangements

Privacy Complaints Policy

Risk Analysis Policy

Risk Management Implementation Policy

Risk Management Process Policy

Forms included in this package (as required)

Notice of Privacy Practice

(Includes but is not limited too)

  • Right to Access
  • Right to Copy
  • Right to Request Restrictions
  • Right to Complain
  • Right to Request Amendments
  • Covered Entities Duties
  • Contact Information for Security Officer & HHS
  • Uses & Disclosures

New Hire Security Checklist

Workforce Confidentiality Agreement

Workforce Termination Checklist

Acceptable and Non-Acceptable Use Policy

Authorization for Use & Disclosure for Research Purposes 

Breach Notification Notice

Business Associates Agreement Template

Certificate Of Destruction Form

Denial Of Request For Amendment To PHI Letter

Disclosure of Protected Health Information Log

Right To Receive Communication by Alternate Means

Right To Request Amendment

Release of Information Request

Request for Accounting of Disclosure

Revocation of Authorization to Release

Remote Workforce Policy

Privacy & Security Officer Position Description

Contact Information


(540) 508-4863


Monday-Thursday: 9:00am - 5:00pm

Friday: 9:00am - 12:00pm
Saturday-Sunday: Closed

                                              © 2020 Shenandoah HIPAA Consultants, LLC Stephens City, Virginia