Well-written policies, procedures, and the supporting documentation should be written for a specific target audience to provide direction and establish boundaries for acceptable behavior.
When writing policies and procedures, it is important to identify with the reader. Some privacy and information security policies are written without consideration of the target audience, making them difficult to follow or implement.
Our Policy and Procedure Services include:
- Creating privacy, information security, and breach notification policies and procedures using our templates that are 'right-sized' for our customers, from large provider organizations to small clinics and business associates
- Validating that policies match current practices
- Reviewing existing policies and procedures to identify gaps and providing our recommendations for improvement
- Establishing organization-wide information security policies written specifically for the general workforce
- Creating an Information Technology (IT) Security Manual and Privacy Manual for the policies and procedures written specifically for their target audience
- Crosswalking policies and procedures to multiple standards and frameworks: HIPAA Privacy Rule, HIPAA Security Rule, the Breach Notification Rule Flow Diagram, Payment Card Industry Data Security Standard, NIST Cybersecurity Framework, HITRUST, Joint Commission applicable standards, ISO/IEC 27001, General Data Protection Regulation (GDPR)