Agencies have a separate set of HIPAA responsibilities to protect their clients’ privacy. The HIPAA Privacy/Security & HITECH Compliance Package for Agencies, Brokers, Producers and Consultants includes:

• Notice of Privacy Practices (w/GLB language) for Agency to provide to clients
• Business Associate agreement to be used with clients designating the agency as their Business Associates
• Business Associate agreement for the agency to use with third parties that have access to the Agency’s PHI.
• Short, 20 minute powerpoint for agency to use to train their employees
• Model policies and procedures for the agency to adopt for compliance with HIPAA Privacy, HIPAA Security and HITECH
• Model confidentiality language to add to employee agreements to (a) make them aware of their heightened responsibility and (b) the consequences of privacy breaches
• Model authorization/release for individuals to authorize release of PHI to agency
• Sample PHI disclosure tracking sheet
• Sample Breach Notice Letter for Individuals
• Sample Breach Notice to Local Mass Media (for disclosures affecting 500 or more individuals)
• To Do List for HIPAA Security (general threat assessment, steps to take to evaluate concerns, software recommendations for encryption)
• Sample HIPAA Security Sanctions Policy
• Known Deadline/Compliance Target Date
• Encryption guidelines and techniques

HIPAA Privacy/Security & HITECH Compliance Package for Agencies, Brokers, Producers and Consultants is available on a CD-ROM or as a Digital Download. Documents are ready to use in Microsoft Word and Adobe Acrobat PDF format.