Overview
Daniel Gottlieb said that, while it is easy to find templates for privacy policies to comply with HIPAA, it is harder to find HIPAA-compliant security policy templates because the law’s standards are very broad and their implementation depends on the specific technology used at each medical practice. Mr. Gottlieb advises clients to be specific when drafting security policies and procedures: for example, when requiring data backup to be in compliance, specify how often the backup is to be done, where backed files are stored and how long they are retained. The same goes for document destruction standards. Read the full article
