We draft policies and procedures required by HIPAA and follow up with training. Your compliance plan should be unique, not simply copied from a similar business. A plan that is not followed is worse than having no plan at all. Violating your own rules can be used as evidence of willful neglect. § 160.306(c)
"A covered entity (CE) must train all members of its workforce on the policies and procedures with respect to PHI ...as necessary... to carry out their functions within the CE." § 164.530(b)(1)
A business associate (BA) must "...implement policies and procedures to
security violations." § 164.308(a)(1)(i)
We help CEs and BAs investigate security incidents and prepare documentation required by HIPAA. § 164.308(a)(6)
We help entities prepare BA contracts. § 164.504(e)
We prepare documents required by the Breach Notification rule § 164.408 and California Civil Code §§ 1798.29(e) and 1798.82(f).
We can help you prepare responses to federal or state investigation letters seeking further explanation and documents. If OCR has identified deficiencies during a HIPAA complaint investigation, we can help you prepare a corrective action plan report in response to the complaint. § 160.312(a)