Supremus Group has different HIPAA compliance forms and templates to help you get HIPAA compliant and jumps start your HIPAA compliance projects. Below you will find all the HIPAA compliance tools which will help your organization with your HIPAA compliance project requirements and save you lot of time of your team and thousands of dollars.

  1. HIPAA Security Contingency Plan Template Suite ($1200)
  2. HIPAA Security Policies Template Suite ($495)
  3. HIPAA Privacy Policies & Procedures Template Suite ($300)
  4. HIPAA Risk Analysis Template Suite ($495)
  5. HIPAA Audit Templates Suite ($300)

Total cost: $2500


HIPAA Contingency Plan template suite can be used for Disaster Recovery Planning (DRP) & Business Continuity Plan (BCP) by any organization to comply with requirements of HIPAA, JCAHO, Sarbanes Oxley (SOX), FISMA and ISO 27002. Any organization, large or small, can use this template and adapt to their environment.

  1. Business Impact Analysis (BIA)
  2. Risk Assessment
  3. Selecting and Implementing Recovery Strategies
  4. Contingency Program Policy & Standards
  5. Data Backup and Storage Plan
  6. Disaster Recovery Plan (DRP)
  7. Business Continuity Plan (BCP)
  8. Emergency Mode Operation Plan (EMOP)
  9. DRP & BCP Testing and Revision Plan
  10. Business Resumption Plan examples for depts. like Accounting, Human resources etc
  11. Policies and procedures
  12. Department Disaster Recovery Activation
  13. Recovery Strategies
  14. Training of the Disaster Recovery Team
  15. Testing of the Disaster Recovery Plan
  16. Evaluation of the Disaster Recovery Plan Tests
  17. Maintenance of the Disaster Recovery Plan


Documents in HIPAA Contingency Plan Template Suite:


Sub Section: Conducting a Business Impact Analysis (BIA)


  1. Conducting a Business Impact Analysis (Guide) (23 pages)
  2. Long Version Business Impact Analysis Template (21 pages)
  3. Short Version Business Impact Analysis Template (6 pages)
  4. Applications and Data Criticality Analysis Template (24 pages)
  5. Final Business Unit Report Template includes following sub documents (8 pages)
  6. Department Financial Impact Chart Template (1 page)
  7. Department Operational Impact Chart Template (1 page)
  8. Department Legal/Regulatory Chart Template (1 page)
  9. Final Executive Management Report Template includes following sub documents (23 pages)
  10. Combined Financial Impact Chart Template (2 pages)
  11. Combined Operational Impact Chart Template ( 3 pages)
  12. Combined Legal/Regulatory Chart Template (1 page)
  13. Combined People Over Time Chart Template (3 pages)


Sub Section: Conducting a HIPAA Risk Assessment


  1. Conducting a Risk Assessment (Guide) (15 pages)
  2. Risk Assessment Template (17 pages)
  3. Risk Assessment Worksheet (14 pages)
  4. Executive Risk Assessment Findings Report (15 pages)
  5. Preventative Measures Examples (6 pages)
  6. Final Facility Risk Assessment Report (10 pages)
  7. Executive Report Charts Template (5 Charts) (5 pages)


Sub Section: Selecting And Implementing Recovery Strategies


  1. Implementing Recovery Strategies includes following sub documents (15 pages)
  2. Contingency Planning Process (8 pages)


Sub Section: Sample Documents


  1. Example of Completed Long Version BIA (24 pages)
  2. Example of Completed Short Version BIA (4 pages)
  3. Example of Completed App & Data Criticality Analysis (39 pages)
  4. Example of Completed Business Unit Final Report (8 pages)
  5. Example of Charts to support Business Unit Final Report (3 Charts) (3 pages)
  6. Example of Completed Executive Management Report (40 pages)
  7. Example of Completed Risk Assessment (17 pages)
  8. Example of Completed Final Risk Assessment Report (16 pages)
  9. Example Completed Risk Assessment Worksheet (14 pages)


Sub Section: Contingency Program Policy & Standards


  1. Business Impact Analysis Policy includes following sub document (12 pages)
  2. Business Impact Analysis Standard (14 pages)
  3. Risk Assessment Policy includes following sub document (11 pages)
  4. Risk Assessment Standard (11 pages)
  5. Contingency Planning Policy includes following sub documents (10 pages)
  6. Disaster Recovery Planning Standard (69 pages)
  7. Emergency Mode Operation Plan Standards (14 pages)
  8. Business Resumption Planning Standards (20 pages)
  9. Testing and Revision Policy will includes following sub documents (17 pages)
  10. Testing & Revision Standards (14 pages)
  11. Data Backup Plan Policy Template will include following sub documents (15 pages)
  12. Data Backup Standard (8 pages)
  13. Training & Awareness Standard (7 pages)
  14. Instructions on how to update all standards (3 pages)


Sub Section: Appendix Documents (Help Guides / Templates)


  1. Types of Contingency Plans (9 pages)


Sub Section: Data Backup and Storage Plan


  1. Data Backup Plan (DBP) Template (18 pages)
  2. Data Backup Plan (DBP) development Guide (11 pages)


Sub Section: Disaster Recovery Plan


  1. Application Recovery Template (23 pages)
  2. Application Recovery Plan Development Guide (18 pages)
  3. Network Recovery Template (20 pages)
  4. Network Recovery Plan Development Guide (15 pages)
  5. Database Recovery Template (19 pages)
  6. Database Recovery Plan Development Guide (16 pages)
  7. Server Recovery Template (19 pages)
  8. Server Recovery Plan Development Guide (15 pages)
  9. Telecommunications Recovery Template (19 pages)
  10. Telecom Recovery Plan Development Guide (17 pages)
  11. Disaster Recovery Plan Overview (38 pages)
  12. Disaster Recovery Plan Development Guide (17 pages)


Sub Section: Emergency Mode Operation Plan


  1. Dept. Business Resumption Plan Template (16 pages)
  2. Emergency Operation Plan (18 pages)
  3. Emergency Mode Operation Planning Standards (38 pages)
  4. Emergency Mode Operations Plan Development Guide (11 pages) Sub Section: Testing And Revision Plan
  5. Testing and Revision Program including following sub documents (18 pages)
  6. Business Unit Test Plan (16 pages)
  7. Business Unit Test Plan Development Guide (10 pages)
  8. Technology Test Plan (18 pages)
  9. Technology Test Plan Development Guide (10 pages)
  10. Test Schedule (2 pages)
  11. Business Unit Plan Audit Checklist (6 pages)
  12. Application Plan Audit Checklist (7 pages)
  13. Database Plan Audit Checklist (6 pages)
  14. Disaster Recovery Audit Checklist (6 pages)
  15. Network Plan Audit Checklist (6 pages)
  16. Server Plan Audit Checklist (6 pages)
  17. Telecom Plan Audit Checklist (6 pages)
  18. Audit Notification Memo (1 page)
  19. Plan Audit Final Report Template (1 page)
  20. Test Notification Memo (1 page)
  21. Type of Tests (1 pages) Sub Section: Sample Documents
  22. Example of Completed Data Backup Plan (18 pages)
  23. Example of Completed Disaster Recovery Plan (38 pages)
  24. Example of Completed Application Recovery Plan (23 pages)
  25. Example of Completed Emergency Mode Op Plan including following sub documents:
  26. Accounting EMOP (42 pages)
  27. BIOMED EMOP (37 pages)
  28. Corporate Communications EMOP (38 pages)
  29. Emergency Services EMOP (37 pages)
  30. Facilities & Security EMOP (38 pages)
  31. Human Resources EMOP (38 pages)
  32. Laboratory EMOP (38 pages)
  33. Materials Management EMOP (38 pages)
  34. Pharmacy EMOP (37 pages)
  35. Surgery EMOP (36 pages)
  36. Example Business Unit Test Plan (14 pages)
  37. Example Technology Unit Test Plan (16 pages)
  38. Example Test Schedule (2 pages)
  39. Example Audit Notification Memo (1 page)
  40. Example Business Plan Audit Checklist (6 pages)
  41. Example Final Audit Report (2 pages)
  42. Example Audit Follow Up Memo (1 page)
  43. Example Test Notification Memo (2 pages)



The final HIPAA Security rule published on February 20, 2003 requires that healthcare organizations create policies and procedures to apply the security requirements of the law – and then train their employees on the use of these policies and procedures in their day-to-day jobs.

HIPAA rule has very specific requirements with regard to creating, implementing, or changing Policies and Procedures. “Standard: Policies and Procedures — A covered entity must implement policies and procedures with respect to protected health information that are designed to comply with the standards, implementation specifications, or other requirements of this subpart. The policies and procedures must be reasonably designed, taking into account the size of and the type of activities that relate to protected health information undertaken by the covered entity, to ensure such compliance. This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirement of this subpart.”

We have developed 67 HIPAA security policies which include 56 security policies & procedures required by HIPAA Security regulation and additional 11 policies, checklist and forms as supplemental documents to the required policies. These policies meet the challenges of creating enterprise-wide security policies. The suite addresses all major components of the HIPAA Security Rule and each policy can be adopted or customized based on your organization’s needs.

I. Policies on the Standards for Administrative Safeguards


  1. Breach Notification Policy
  2. Security Management Process
  3. Risk Analysis
  4. Risk Management
  5. Sanction Policy
  6. Information System Activity Review
  7. Assigned Security Responsibility
  8. Workforce Security
  9. Authorization and/or Supervision
  10. Workforce Clearance Procedure
  11. Termination Procedures
  12. Information Access Management
  13. Access Authorization
  14. Access Establishment and Modification
  15. Security Awareness & Training
  16. Security Reminders
  17. Protection from Malicious Software
  18. Log-in Monitoring
  19. Password Management
  20. Security Incident Procedures
  21. Response and Reporting
  22. Contingency Plan
  23. Data Backup Plan
  24. Disaster Recovery Plan
  25. Emergency Mode Operation Plan
  26. Testing and Revision Procedure
  27. Applications and Data Criticality Analysis
  28. Evaluation
  29. Business Associate Contracts and Other Arrangements


II. Policies on the Standards for Physical Safeguards


  1. Facility Access Controls
  2. Contingency Operations
  3. Facility Security Plan
  4. Access Control and Validation Procedures
  5. Maintenance Records
  6. Workstation Use
  7. Workstation Security
  8. Device and Media Controls
  9. Disposal
  10. Media Re-use
  11. Accountability
  12. Data Backup and Storage


III. Policies on the Standards for Technical Safeguards


  1. Access Control
  2. Unique User Identification
  3. Emergency Access Procedure
  4. Automatic Logoff
  5. Encryption and Decryption
  6. Audit Controls
  7. Integrity
  8. Mechanism to Authenticate Electronic Protected Health Information
  9. Person or Entity Authentication
  10. Transmission Security
  11. Integrity Controls
  12. Encryption


IV. Organizational Requirements


    1. Policies and Procedures
    2. Documentation
    3. Isolating Healthcare Clearinghouse Function
    4. Group Health Plan Requirements


V. Supplemental Policies for Required HIPAA Policies


      1. Wireless Security Policy
      2. Email Security Policy
      3. Analog Line Policy
      4. Dial-in Access Policy
      5. Automatically Forwarded Email Policy
      6. Remote Access Policy
      7. Ethics Policy
      8. VPN Security Policy
      9. Extranet Policy
      10. Internet DMZ Equipment Policy
      11. Network Security Policy



A covered entity is required to develop and implement policies and procedures appropriate to the entity’s business practices and workforce that reasonably minimize the amount of protected health information used, disclosed, and requested;” – HIPAA Privacy Rule 45 CFR Part 160

Following are the 51 policies, forms and procedures included in the HIPAA Privacy Policy & procedures template suite. The policies can be used by any covered entity. All policies are available in MS Word format and can be easily modified as per your requirements. Each template is presented in a standard format reflecting critical organizational functions to consider in HIPAA remediation.

These HIPAA policies cover all the major areas like:


      1. General policies regarding use and disclosure of PHI
      2. Minimum necessary rule for use and disclosure of PHI
      3. Patient rights regarding their own PHI
      4. Uses and disclosures not requiring patient authorization
      5. Special cases for restriction of uses and disclosures of PHI
      6. Organizational issues and safeguards


The templates suite includes following HIPAA Privacy policies and procedures.


      1. Accept Access Request
      2. Accounting for Disclosures
      3. Acknowledgement of Receipt
      4. Amendment to Record Form
      5. Authorization for Release of Information
      6. Authorization Form Release by Organization
      7. Authorization Form Release to Organization
      8. Avert Serious Threat to Safety
      9. Business Associate Contract
      10. Business Associate Contract Health Plan
      11. Complaint Process
      12. De-identified Information and Limited Data Sets
      13. Denial Access Request
      14. Denial Request to Amend Form
      15. Designated Record Set Example Provider
      16. Designated Record Set Health Plan
      17. Disclosure of Medical Information
      18. Disclosures Record Form
      19. Document Retention
      20. Employee Confidentiality Agreement
      21. General Release of PHI for TPO and Other Purposes
      22. Health Plan Notice of Privacy Practices
      23. HIPAA Accept Amend Request Form
      24. Minimum Necessary
      25. Multi-Organization Arrangements
      26. Notice of Privacy Practices
      27. Privacy Officer
      28. Release by Whistleblowers
      29. Release for Abuse Neglect or Domestic Violence
      30. Release for Confidential Communications
      31. Release for Fundraising Purposes
      32. Release for Judicial or Administrative Proceedings
      33. Release for Law Enforcement
      34. Release for Marketing Purposes
      35. Release for Research Purposes
      36. Release for Specific Government Functions
      37. Release for Workers Compensation
      38. Release of Information for Deceased Patients or Plan Members
      39. Release of Information for Legal Purposes
      40. Release of Information to a Minor
      41. Release of Information to a Minor’s Parents
      42. Release of Information to Friends and Family Members
      43. Release of Psychotherapy Notes
      44. Release to Patient or Plan Member
      45. Request Confidential Communications Template
      46. Request for Amendment
      47. Request Restrictions
      48. Requests for Restriction
      49. Right to Object to Release for Certain Purposes
      50. Training Requirements
      51. Workforce Sanctions



Risk Analysis is often regarded as the first step towards HIPAA compliance. Risk analysis is a required implementation specification under the Security Management Process standard of the Administrative Safeguards portion of the HIPAA Security Rule as per Section 164.308(a)(1). Covered entities will benefit from an effective Risk Analysis and Risk Management program beyond just being HIPAA compliant. Compliance with HIPAA is not optional… it is mandatory, to avoid penalties.

Objective of HIPAA Security Risk Analysis/Assessment:

The overall objective of a HIPAA risk analysis is to document the Potential risks and vulnerabilities to the confidentiality, integrity, or availability of electronic protected health information (ePHI) and determine the appropriate safeguards to bring the level of risk to an acceptable and manageable level. It helps in ensuring that controls and expenditure are fully commensurate with the risks to which the organization is exposed

List of documents in HIPAA Security Risk Analysis Template

      1. Asset Inventory Worksheet
      2. Risk Analysis Checklist
      3. Risk Analysis Sample Final
      4. Risk Analysis Template
      5. Risk Assessment Executive Presentation
      6. Threat Matrix Worksheet
      7. Threat Matrix Worksheet



The HIPAA Security Rule requires organizations, at a minimum, to conduct periodic internal audits to evaluate processes and procedures intended to secure confidential or “protected health information” (PHI) (45 CFR 164.308(a)(8)). It is often advisable to seek an external review or audit but the provisions of the security rule do not specifically require this. In most cases, this will be determined by the size of the organization, line of business, and, sometimes, contract requirements (i.e., Medicare, Medicaid, etc.). The purpose behind the audit is to determine if an organization has properly documented administrative, physical and technical security practices, policies, and procedures and generally meets the requirements of the rule.

Objective of HIPAA Audit and Evaluation for Compliance The objective of HIPAA Audit includes the following activities:

      1. Assess if all vulnerabilities have been addressed.
      2. Verify that all compliance requirements have been met.
      3. The objective of the Audit Control standard is to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.


List of documents for HIPAA Audit Template:


      1. HIPAA Comprehensive Audit Checklist
      2. HIPAA Privacy & Security Audit Report – Sample
      3. HIPAA Security Abbreviated Audit Checklist final
      4. HIPAA Security Audit Executive Presentation
      5. Information Security Audit Template

Total cost: $2500
Buy Now

All the templates come in Microsoft Word/excel files so you can add, change and delete content as required to complete your privacy policies. If you have any questions, or if you wish to see additional samples, please feel free to contact us at Sales@hipaaprivacypolicies.com or call on (515) 865-4591. You can also buy individual HIPAA template suites, which are available in our online HIPAA store for purchase.

HIPAA Contingency Plan Overview and ROI

HIPAA Security Policy Overview & ROI

HIPAA Privacy Policy Overview & ROI

Supremus Group has different HIPAA compliance forms and templates to help you get HIPAA compliant and jumps start your HIPAA compliance projects.
4.6 based on 84 reviews
$2500 New
Show Buttons
Hide Buttons
Visit Us On TwitterVisit Us On FacebookVisit Us On Linkedin