Privacy and Security Toolkit
The EHNAC Privacy and Security Toolkit includes a comprehensive set of policies, procedures, forms, best practices and compliance tools and is available in three versions customized for Business Associates, Group Health Plans, and Providers. Regulatory topics include, but are not limited to, HIPAA/HITECH privacy, security, breach and enforcement. In addition, the EHNAC Privacy and Security Toolkit includes two hours of senior-level, individualized consulting assistance.
In mid 2019, the Office for Civil Rights clarified the applicable liability for Business Associates as it relates to Privacy requirements. Business Associates have always been responsible for adherence to the HIPAA Security requirements, but the extent to which Privacy rules apply has been an open question. The Business Associate version, Risk Assessment materials, draft privacy and security policies and procedures, and other compliance related tools have been updated to reflect the privacy component and aid in HIPAA/HITECH/Cybersecurity compliance specific to the needs of the Business Associate.
The Group Health Plans (GHP) version is specifically customized for those who sponsor Employer Group Health Plans. This version provides templates, draft policies and procedures, and other compliance-related resource materials to aid in the specific compliance needs of GHP organizations. The sample Gap Analysis and Risk Assessment materials, policies and procedures include language and sample scenarios that are also customized to the unique business model experienced by the HIPAA GHP type of covered entity.
Likewise, the Provider version is customized for those organizations subject to HIPAA as Provider Covered Entities. This includes but is not limited to Medical Doctors and Physician Groups, Clinics, Pharmacies, Dentists, Nursing Homes and many other types based on the regulatory definitions. The draft policies and procedures, sample PHI Flow and Gap Analysis, Risk Assessment materials are applicable to the provider scenario and aid in gaining and maintaining ongoing required compliance.
The Toolkit offers detailed analysis and reports to measure, track and demonstrate your organization’s compliance across mandated privacy and security regulations.
-Rob Collins, General Counsel, 4-C Health
Once the toolkit is purchased and received, an identified person(s) within your company will use the tools and guidance provided in the EHNAC Privacy and Security Compliance Toolkit to customize the policies, procedures and forms, especially for your organization. These materials have been aligned with our programs for ease of use for those organizations desiring to gain EHNAC program accreditation as well. Gaining accreditation is a separate process, but one which will require your organization to have in place the policies, procedures and compliance documentation which can be prepared with the aid of this toolkit.
What to expect
Complete (or oversee completion of) the following four steps that are fully described in this Toolkit:
The toolkit offers detailed analysis and reports to measure, track and demonstrate your organization’s compliance across mandated privacy and security regulations. Below are several snapshots of the reports included:
Total Cost $2,495
Includes comprehensive Privacy and Security Compliance Toolkit, as well as two hours of senior-level, individualized consulting assistance.
Please click here to go to the EHNAC Privacy and Security Toolkit Order form, or fill out the below to be contacted to discuss the toolkit with DirectTrust.
Or for additional information about the toolkit, contact Accreditation@DirectTrust.org or call Susan Flynn, Operations Manager at 860-408-1620.
*NOTE: Customization of these materials alone will not make your organization compliant. Your organization must abide by the implemented procedures. Doing so will ensure that your organization handles sensitive health information in the most secure manner possible.