HIPAA/HITECH Required Documents & Forms

When it comes to HIPAA compliance documentation, it is important for any covered entity to make sure that all of the required documents and forms are up to date and accessible to staff members when necessary. Take a look at some of the best documentation practices described in this section. We have provided details about the required forms and documents every practice must have, as well as some of the most important technical tools and agreements that every business owner should consider.

It is also important to understand that just like health records, compliance documents containing protected health information or policies that govern your use and disclosure of protected health information must be stored for a period of 6 years.

The following documents should be used to avoid any inadvertent disclosure or inappropriate use of protected health information. Having the following policies and procedures in writing is one simple step you can take to protect your practice from fines and penalties in the event of an audit.

In order to avoid HIPAA violations, there are various forms that must be made available to members of the workforce of any covered entity under HIPAA. The law requires that some of these documents, such as Policy & Procedures and Breach Notification Tools, are accessible by staff members at all times, since these forms and documents must be used to ensure compliance.

Sample of HIPAA Compliance Binder Offered to Members of Our Network


Technical Tools

Contingency Plan Procedure

Data Backup Plan

Destruction Policy

Internet Security Policy

Password Tips for Securing Electronic Data

Policy & Procedures Manual (P&P)

Business Associate Forms

Business Associate Agreement

Business Associate Contract and Data Access Log

Business Associate Inappropriate Disclosure Log

Employee Report of HIPAA Violation by Business Associate

Employee Forms

Employee Confidentiality Agreement

Employee Data Access Log

Employee HIPAA Privacy and Security Rules Acknowledgment

Employee HIPAA Violations Log

Employee Termination Checklist

HIPAA Compliance Officer Duties

HIPAA Compliance Officers

HIPAA Patient Contact Person

HIPAA Privacy Officer Duties

HIPAA Security Officer Duties

HIPAA Compliance Training

HIPAA Compliance Training Cards

HIPAA Employee Training Log

Patient Forms

Acknowledgment of Receipt of HIPAA Notice of Privacy Practices

Authorization for Release of Psychotherapy Notes

Authorization to Use or Disclose PHI for Marketing, Fundraising or Sales

Patient Authorization for Release of PHI

Patient Complaint

Patient Complaint Log

Patient Record Access Request

Patient Request for Accounting of PHI Disclosures

Patient Request Log

Patient Request(s) Regarding Health Care Records

Report of Non-Routine Disclosures

Response to Patient Record Access Request

Response to Patient Regarding Request to Amend Records

Office Forms

Fax, Photocopy and Email Procedures

Good Faith Efforts Compliance Log

Hardware and Software Inventory and Destruction Log

Record Retention and Purge Log

Release of Information via Fax Transmission

Worksite/Office Procedure

HITECH Breach Tools

Breach Notification Log

Breach Notification- Notice to Individual(s)

Breach Risk Assessment Tool

Consumer Checklist- Medical Identity Theft
