Privacy and Security Toolkit

The EHNAC Privacy and Security Toolkit includes a comprehensive set of policies, procedures, forms, best practices and compliance tools and is available for Business Associates and Group Health Plans. Regulatory topics include, but are not limited to, HIPAA/HITECH privacy, security, breach and enforcement. In addition, the EHNAC Privacy and Security Toolkit includes two hours of senior-level, individualized consulting assistance.

The toolkit is available in two versions. One designed for organizations subject to HIPAA/HITECH as a Business Associate and the second specifically customized for employers who sponsor Group Health Plans (coming soon, please call for availability). Business Associates have always been responsible for adherence to the HIPAA Security requirements, but the extent to which Privacy rules apply has been an open question. However, in mid 2019, the Office for Civil Rights clarified the applicable liability for Business Associates as it relates to Privacy requirements. These templates, Risk Assessment materials, draft privacy and security policies and procedures, and other compliance related tools have been updated to reflect the privacy component and aid in HIPAA/HITECH/Cybersecurity compliance specific to the needs of the Business Associate. The Group Health plans (GHP) version provides templates, draft policies and procedures, and other compliance-related resource materials to aid in the specific compliance needs of GHP organizations. The sample Gap Analysis and Risk Assessment materials, policies and procedures include language and sample scenarios that are also customized to the unique business model experienced by the HIPAA GHP type of covered entity.


“Best money we’ve ever spent!”

-Rob Collins, General Counsel, 4-C Health


Getting started

Once the toolkit is purchased and received, an identified person(s) within your company will use the tools and guidance provided in the EHNAC Privacy and Security Compliance Toolkit to customize the policies, procedures and forms, especially for your organization. These materials have been aligned with EHNAC programs for ease of use for those organizations desiring to gain EHNAC program accreditation as well. Gaining accreditation is a separate process, but one which will require your organization to have in place the policies, procedures and compliance documentation which can be prepared with the aid of this toolkit.

What to expect

Complete (or oversee completion of) the following four steps that are fully described in this Toolkit:

privacy and security for healthcare

The toolkit offers detailed analysis and reports to measure, track and demonstrate your organization’s compliance across mandated privacy and security regulations. Below are several snapshots of the reports included:

EHNAC Security Toolkit

Total Cost $2,495

Includes comprehensive Privacy and Security Compliance Toolkit, as well as two hours of senior-level, individualized consulting assistance.


Please click here to go to the EHNAC Privacy and Security Toolkit Order form, or fill out the below to be contacted to discuss the toolkit with EHNAC.

Or for additional information about the toolkit, contact or call Debra Hopkinson, VP of Operations at 860-408-1620.

*NOTE: Customization of these materials alone will not make your organization compliant. Your organization must abide by the implemented procedures. Doing so will ensure that your organization handles sensitive health information in the most secure manner possible.