Get Started Get Started

Comprehensive for compliance, customizable for security

Customizable HIPAA privacy and security policy templates to help your organization protect patient data and comply with the HIPAA Privacy, Security, and Breach Notification Rules.

Pathway to HIPAA privacy and security policy implementation


Document policies


Implement policies


Review policies

Document policies

Your data is one of your most important assets. Without proper policies in place, your employees may do things to place your data in jeopardy. SecurityMetrics HIPAA privacy and security policies help you with correct documentation on security practices, processes, and policies to protect your organization from data theft and achieve compliance with HIPAA regulations. Our policies include a Business Associate Agreement template to help you and your BAs stay protected.

Implement policies

A policy is only as good as its enforcement. As you implement, share, and monitor privacy and security policy guidelines throughout your organization you may run into questions. SecurityMetrics templates are customizable to match your organization, this helps ensure all necessary points are addressed and you are implementing compliance mandates correctly. SecurityMetrics support representatives work with you to ensure understanding and proper policy implementation.

Review policies

Your privacy and security policies need to be reviewed on a regular basis to ensure they are updated with changes in your business. This also helps ensure your employees don't forget the important policies and procedures. SecurityMetrics is available to periodically help you review policies and revise when necessary.

Top Reasons To Use SecurityMetrics For HIPAA Security Policies

  • Customizable HIPAA Privacy and Security Templates

    All organizations have different processes used to handle, store, or transmit sensitive patient data. SecurityMetrics offers flexible policy templates that allow you to customize privacy and security policies to address specific processes and risks identified during your organization's risk analysis.
  • Comprehensive coverage

    Compliance with the HIPAA standard requires a number of privacy and security policies that address processes throughout your organization. SecurityMetrics HIPAA privacy and security policies include 45 templates that provide a comprehensive policy solution for HIPAA Privacy, Security, and Breach Notification Rules creating the blueprint for your HIPAA compliance efforts.
  • Built to work with existing HIPAA policies and procedures

    Many organizations have already established some of the policies required for HIPAA compliance. SecurityMetrics' flexible templates let you keep your existing policies and implement only the policies missing from your organization—saving you time, money, and headaches that accompany process changes.
  • Designed for Data Security

    We understand that HIPAA compliance is just part of the path toward the ultimate destination of data security. SecurityMetrics policies are designed with a security focus that will help you comply with the HIPAA mandate and create measurable improvements to patient data security.
  • Business Associate Agreement

    Defining expectations and responsibilities with business associates (BA) is crucial for HIPAA compliance. Along with our Business Associate Agreement (BAA) template we provide additional documents that outline the HIPAA requirements for BA, whether a BAA is needed and suggestions on implementation of the policy.

What's Included In Our HIPAA Policy Templates

Patient Rights

  • Accounting of Disclosures of Protected Health Information
  • Amendment of Protected Health Information
  • Complaints
  • Notice of Privacy Practices
  • Patient Access to Protected Health Information
  • Request for Alternative Communication
  • Restrictions to Permitted Uses and Disclosures of Protected Health Information

Uses and Disclosures of Protected Health Information

  • Authorization for Release of Protected Health Information
  • Disclosure of Alcohol and Substance/Drug Abuse Records
  • Marketing and Fundraising
  • Minimum Necessary for Uses and Disclosures of Protected Health Information
  • Responding to Subpoena and Court Order
  • Use and Disclosure of Limited Data Sets
  • Uses and Disclosures of Protected Health Information for Research
  • Uses and Disclosures of Protected Health Information for the Directory
  • Uses and Disclosures of Protected Health Information Permitted and Required by Law without Authorization

General Rules

  • Business Associate and Business Associate Agreement
  • Emailing Protected Health Information
  • Faxing Protected Health Information
  • Personal Representatives
  • Safeguarding and Storing Protected Health Information
  • Verification of Identity and Authority of Persons Requesting Protected

Health Information

  • Administrative
  • Breach of Protected Health Information and Breach Notification
  • De-Identification of Protected Health Information
  • Designed Record Set
  • Privacy Official Designation
  • Sanctions


  • Destruction of Protected Health Information
  • Retention of Protected Health Information
  • HIPAA Information Security Policy
  • Business Associate Compliance Monitoring
  • Business Continuity Plan
  • Business Impact Analysis
  • Data Integrity Procedures
  • Employee Handbook
  • Firewall Configuration Standards
  • Incident Response
  • Job Descriptions
  • Network Time Protocol (NTP) Configuration Procedures
  • Operating Procedures
  • Physical Security Procedures
  • Risk Treatment Proposal
  • Security Awareness Training Procedure
  • Vulnerability Discovery and Risk Ranking
  • Workstation Functions

Here's what our customers are saying

SecurityMetrics updated me, we reviewed office policies, and they gave me educational advice for the practice I manage. They spent a great deal of time with me so I felt confident and comfortable. I feel they went above and beyond. Thank you SecurityMetrics!

Billye Jo Ritchey, Effingham Surgical Associates

SecurityMetrics has been invaluable in guiding our office in the process of HIPAA compliance along with PCI compliance. Every team member has been professional, knowledgeable, and prompt with service. An exceptional experience all around!

Kathleen Arnone, Financial Coordinator, Douglas G. Hammond, DMD, MSD

SecurityMetrics helped me navigate through the maze of compliance issues. Excellent customer service!

Mary Jo Marchionni, Joint Replacement Institute

SecurityMetrics has been a great help to my business and took a great deal off of my shoulders. The staff is terrific to work with. Thank you!

Cheryl Jennings, Priority Medical Billing Service, LLC

SecurityMetrics has taken the worry out of compliance. They worked hand in hand with my Information Technology Specialist providing an action plan after performing an in-depth risk analysis.

Dr. Sandy Sheehan, Cape Fear Podiatry

Templates were pre-made which made it easy for me to write the policies.

Liz Ford, Practice Manager, Vein Center of New Mexico

Request a Quote for HIPAA Policies

We are excited to work with you.


Thank you!

Your request has been submitted.