Thousands of Policies delivered to satisfied customers.

Are you prepared for the new HIPAA Regulation? Omnibus? HITECH?

Limited Time Offer - get 10% off for a limited time, so buy today before the sale ends!  

hipaa security policies

Get the HIPAA policies you need from the market leader in IT security policies.  You may be aware that as of September 23, 2013 your Health Information Privacy and Accountability Act (HIPAA) policies must be compliant with the new amendments made to HIPAA through the Omnibus Rule.  Many companies will no longer be in compliance and must update their HIPAA security policy to meet the new regulations.  These new changes were finalized in January 2013, went into effect March 26, 2013 and contain significant changes including more restrictions, stiffer penalties, and more enforcement.

If your organization is a covered entity or business associate that works with Electronic Protected Health Information (ePHI) it is critical to comply with the new HIPAA rules.  Noncompliance can be met with fines and other penalties.  In a few recent penalties one health insurance organization has agreed to pay $1.7 million, a large university agreed to pay $400,000, and a large pharmacy agreed to pay $1.44 million.  Can your organization afford these penalties?

Even closer to home - can you afford these penalties? Individuals like directors, employees, or officers of the covered entity may also be criminally liable under HIPAA.  At up to $50,000 per violation and potentially up to 10 years in prison, noncompliance with the HIPAA, the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Omnibus rule is simply not an option.  While there is a maximum of $1.5 million for identification vocations in most cases, there is no theoretical maximum fine per year! These penalties can also be for unknowing covered entities - meaning if you did not know about the violation you can still be penalized both criminally as well as civilly.


But compliance is complicated.  The HIPAA security rule is complicated enough - and that is before it was modified by HITECH and the Omnibus Rule.  There are hundreds of pages of information contained in these regulations.  Ensuring your HIPAA security policy complies with the various aspects of each is almost impossible, whether you are a compliance officer at a large organization or the owner of a small business.

What is Electronic Protected Health Information (ePHI)? ePHI means identifiable health information that is transmitted, or maintained, by electronic media and transmitted or maintained in any other form or medium.  The definition is very broad - if you store or transmit ePHI you are most likely covered by HIPAA.

What is a covered entity? Any health care provider that transmits health information covered by the HIPAA Transaction Rule whether directly or through a business associate.  A business associate is defined as a person that performs a function or activity on behalf of, or provides services to, a covered entity that involves individually identifiable health information.  This means that YOU are responsible for a breach even for someone that does work for you, if it involves your data.

As you can see the update in the 15-year-old HIPAA there are a significant amount of changes.  The Omnibus rule really puts some teeth into HIPAA.  From compliance officers at large organizations all the way down to small health care offices must be prepared for HIPAA.

The Department of Health and Human Services (HHS) HIPAA Omnibus Rule contains over 500 pages of information.  The law is vague and complicated - do you have the time to read over 500 pages and determine what changes you need to make to your existing HIPAA security policies in order to be compliant?

Did you know that under the Omnibus rule the definition of a breach has changed? Under the HIPAA and HITECH an incident was not required to be disclosed if the compromised data contained limited data.  However, under the new rule breaches of limited data sets must be handled like all other breaches of ePHI, regardless of their content.  This means that you must notify the individuals of the data breach and if the breach affects more than 500 residents you must notify the media and HHS.  Do you want to see your organization's name or YOUR name to make the nightly news?

The enforcement rule preempts any state law that is contrary to it unless the state law is more stringent.  The Omnibus Rule is very powerful!  Compliance with HIPAA information security requirements is critical.

But that is where we come in.  Our expert policy writers have spent months updating our industry-proven Gold Security Policy Product to meet this new standard, and converting it into a downloadable, pre-written security policy template! What that means to you is a complete, comprehensive, and professionally-written security policy that can be immediately used for HIPAA information security compliance.  Perhaps better yet, it is also fully functional as an information security policy.  Your new HIPAA policy template isn't just a skeleton that you need to add IT policies to or copy and paste IT policy statements in to get a full IT security policy - you will get a complete HIPAA security policy ready to implement immediately.

As the market leaders in online security policy development, we have developed security policies for thousands of companies.  Our years of IT security policy experience are reflected in our brand-new Instant HIPAA policy template, which is also compliant with HITECH and the Omnibus rule!

Our policies are written by IT policy experts with 30 + years of experience with IT compliance including HIPAA and PCI.  Not only are our policies designed specifically for HIPAA information security compliance, but they are also complete IT policies covering best practices for information technology - not fragmented statements that you need to integrate into your existing policies.  We aren't providing you with thousands of policy statements that you must sort through and create your own HIPAA security policy - we are providing you with a complete solution.

You can see a HIPAA policy mapping with the new HIPAA regulation to our HIPAA policies here.

The following images are actual screenshots from different sections of an Instant HIPAA Security Policy.

    Breach Notification Policy                       Sanction Policy


                   Business Associate Policy               Confidential Data Policy


Thousands of companies have trusted with IT security policies from the worldwide-leader in IT policy creation and innovation.  We serve companies from small, cash-strapped startups, to companies with over 50,000 employees and billions of dollars in income.  If you need a security policy we will meet your needs.

Save your valuable time and get our pre-written HIPAA policy template without suffering through a bloated government-written document!

Our templates are in Microsoft Word format, so you can edit the policies however you see fit.  Most customers are able to use them exactly as they are provided, however we understand that you need the piece of mind to be able to edit them should the need arise.  With your Instant HIPAA security policy product you will receive a document detailing the sections that are required for HIPAA compliance, so you can make edits without being concerned that you are affecting your compliance.

You must find a partner in order to help you achieve compliance.  Let be that knowledgeable parter to make your life easier.

We are so sure you will be satisfied with these HIPAA policies that we are offering a money-back guarantee.  If you aren't satisfied with your policies we will refund your money - no questions asked!

Just a few of the reasons to buy from

  • Written by IT security compliance experts
  • Trusted, Gold-Standard IT security policy provider
  • HIPAA compliant IT policy templates written specifically for the Omnibus Rule and the HITECH Act
  • Money-back guarantee
  • A+ Rating with the BBB
  • Includes our "Getting Started" document to help with policy implementation
  • Complete policies - not just a CD full of policy statements
  • Fully Editable policies in Microsoft Word compatible format

Buy our Instant HIPAA policy template product today and get access to our Microsoft Word compatible HIPPA compliant security policies, our Getting Started Guide, and a document describing the required HIPAA policy statements.

CURRENT SPECIAL PRICE: $629.10.   This sale price will rise soon so be sure to act before this promotion expires!  


Selected Client Logos

Client Logos

A Few Customer Testimonials

"Thank you for helping me achieve HIPAA compliance with your HIPAA policy template.  This is the only way where I did not have to read hundreds of pages of boring documents!"
Carly Johnson - CEO, San Luis Obispo, CA

"I needed a complete information security policy template for my organization that was affordable and your solution was perfect."
Jenny Block - Network Manager, Orlando, FL

"I was able to use your HIPAA security policies immediately without any changes.  What a time saver - It would've taken me weeks to write a HIPP security policy this good!"
Chris Patterson - Network Manager, Bozeman, MT

"Compliance is very difficult for our small business with limited resources.  We would be in bad shape without your Instant HIPAA policy template."
Matt Cox - Lake Charles, LA

"We just found out we are a covered entity under the new HIPAA regulation.  I required good solution fast in order to be in compliance and your HIPAA policies saved me."
Randall Ward - CTO, Memphis, TN



BBB Link

Please note: The above information is based on interpretation by an experienced policy professional and is believed to be correct.  Please note, however, that is not in the business in dispensing legal advice and thus any policies should be reviewed for applicability to your specific situation.