Free HIPAA Resources

It is my goal to see your organization thrive!
Providing free resources is one way I achieve this goal. When a valuable resource is located, information and links will be posted here. Be sure to check back often and save this page to your favorites.

Free Security Risk Assessment Tool

HIPAA requires covered entities and business associates to conduct a risk assessment. A risk assessment ensures that your organization has correctly implemented the administrative, physical, and technical safeguards required by the Security Rule. The risk assessment, as well as the required subsequent reviews, helps your organization identify unknown risks. HealthIT.gov provides a downloadable security risk assessment tool. This tool will help your organization conduct a risk assessment. You can access the Security Risk Assessment tool by clicking this link.

Using the SRA Tool to Conduct a HIPAA Security Risk Assessment

This course can be accessed for free by using the coupon code FREE. You will learn important information about HIPAA compliance and explore the free SRA tool you can use to conduct a HIPAA Security Risk Assessment. Included in this course is the HIPAA Compliance checklist. Download the checklist and use it to view your center from a compliance perspective.

Business Associate Agreement

HIPAA requires you to have a business associate agreement in place for each business associate your organization engages. Recall that a business associate is someone who performs a function or activity on behalf of, or provides certain services to, your organization that involve access by the business associate to your protected health information. This definition does not include a person (employee or volunteer) in your workforce. HIPAA generally requires covered entities to enter into contracts with their business associates to ensure that the business associate appropriately safeguards protected health information.

Click this link to visit the HHS site, copy the free business associate agreement, and customize it for your organization!

Also, you might find that many business associates already have a business associate agreement. If this is the case, have the agreement reviewed by your center’s legal team to ensure it meets all the requirements of HIPAA. Maintain a copy of the agreement as part of your ongoing compliance documentation.

Free Notice of Privacy Practices

Meeting the ongoing demands of compliance can be a challenge. Currently, the HIPAA Privacy Rule requires covered entities to provide a Notice of Privacy Practices to anyone who requests one, not just your clients. The Privacy Rule outlines the requirements that must be included in the notice. The good news is that the Department of Health and Human Services provides one. Click this link to download an editable version in English or Spanish. The notice contains the required information, but you will need to customize it for your center. Be sure to read the entire document and adjust names, titles, dates, etc.