Supremus Group provides various HIPAA compliance forms, checklists, policies, and templates to help your organization become HIPAA compliant and to jump-start your organizational HIPAA compliance projects. Below is the list of multipurpose HIPAA Compliance Template Suites that will help your organization carry out HIPAA compliance projects in a more efficient, fast, and simple way, saving you hundreds of valuable manual hours and thousands of dollars.

  1. HIPAA Security Contingency Plan Template Suite ($1200)
  2. HIPAA Security Policies Template Suite ($495)
  3. HIPAA Risk Analysis Template Suite ($495)
  4. HIPAA Privacy Policies & Procedures Template Suite ($300)
  5. HIPAA Audit Templates Suite ($300)

Total cost: $2500

1) HIPAA Security Contingency Plan Template Suite

The HIPAA Security Contingency Plan template suite can be used by any organization to jump-start its Disaster Recovery and Business Continuity Plan projects and to comply with the requirements of HIPAA, Sarbanes Oxley (SOX), JCAHO, FISMA, and ISO 27002. Any organization, small or large, can make use of this highly proficient and useful HIPAA Compliance template and adapt it to its environment.

Please find below the list of projects that can be executed and implemented with the help of the HIPAA Security Contingency Plan template suite:

  1. Disaster Recovery Plan (DRP)
  2. Business Continuity Plan (BCP)
  3. Business Impact Analysis (BIA)
  4. Business Resumption Plan examples for departments such as Accounting, Human Resources, etc.
  5. Risk Assessment
  6. Contingency Program Policy & Standards
  7. Selecting and Implementing Recovery Strategies
  8. Emergency Mode Operation Plan
  9. Data Backup and Storage Plan
  10. DRP & BCP Testing and Revision Plan
  11. Policies and Procedures
  12. Department Disaster Recovery Activation
  13. Recovery Strategies
  14. Testing of the Disaster Recovery Plan
  15. Training of the Disaster Recovery Team
  16. Evaluation of the Disaster Recovery Plan Tests
  17. Maintenance of the Disaster Recovery Plan

Documents in HIPAA Contingency Plan Template Suite:

Sub Section: Conducting a Business Impact Analysis (BIA)

  1. Applications and Data Criticality Analysis Template (24 pages)
  2. Conducting a Business Impact Analysis (Guide) (23 pages)
  3. Long Version Business Impact Analysis Template (21 pages)
  4. Short Version Business Impact Analysis Template (6 pages)
  5. Final Business Unit Report Template includes the following sub-documents (8 pages)
  6. Department Financial Impact Chart Template (1 page)
  7. Department Operational Impact Chart Template (1 page)
  8. Department Legal/Regulatory Chart Template (1 page)
  9. Final Executive Management Report Template includes the following sub-documents (23 pages)
  10. Combined Financial Impact Chart Template (2 pages)
  11. Combined Operational Impact Chart Template (3 pages)
  12. Combined Legal/Regulatory Chart Template (1 page)
  13. Combined People Over Time Chart Template (3 pages)

Sub Section: Conducting a HIPAA Risk Assessment

  1. Conducting a Risk Assessment (Guide) (15 pages)
  2. Risk Assessment Template (17 pages)
  3. Risk Assessment Worksheet (14 pages)
  4. Executive Risk Assessment Findings Report (15 pages)
  5. Preventative Measures Examples (6 pages)
  6. Final Facility Risk Assessment Report (10 pages)
  7. Executive Report Charts Template (5 Charts) (5 pages)

Sub Section: Selecting And Implementing Recovery Strategies

  1. Implementing Recovery Strategies includes the following sub-documents (15 pages)
  2. Contingency Planning Process (8 pages)

Sub Section: Sample Documents

  1. Example of Completed Long Version Business Impact Analysis (24 pages)
  2. Example of Completed Short Version Business Impact Analysis (4 pages)
  3. Example of Completed Application and Data Criticality Analysis (39 pages)
  4. Example of Completed Executive Management Report (40 pages)
  5. Example of Completed Final Risk Assessment Report (16 pages)
  6. Example of Completed Business Unit Final Report (8 pages)
  7. Example of Charts to support Business Unit Final Report (3 Charts) (3 pages)
  8. Example of Completed Risk Assessment (17 pages)
  9. Example Completed Risk Assessment Worksheet (14 pages)

Sub Section: Contingency Program Policy And Standards

  1. BIA Policy includes the following sub-document (12 pages)
  2. BIA Standard (14 pages)
  3. Disaster Recovery Planning Standard (69 pages)
  4. Contingency Planning Policy includes the following sub-documents (10 pages)
  5. Risk Assessment Policy includes the following sub-document (11 pages)
  6. Risk Assessment Standard (11 pages)
  7. Testing and Revision Standards (14 pages)
  8. Testing & Revision Policy will include the following sub-documents (17 pages)
  9. Data Backup Plan Policy Template will include the following sub-documents (15 pages)
  10. Data Backup Standard (8 pages)
  11. Training & Awareness Standard (7 pages)
  12. Instructions on how to update all standards (3 pages)

Sub Section: Appendix Documents (Help Guides / Templates)

  1. Types of Contingency Plans (9 pages)

Sub Section: Data Backup and Storage Plan

  1. Data Backup Plan (DBP) Template (18 pages)
  2. Data Backup Plan (DBP) development Guide (11 pages)

Sub Section: Disaster Recovery Plan

  1. Application Recovery Template (23 pages)
  2. Application Recovery Plan Development Guide (18 pages)
  3. Network Recovery Template (20 pages)
  4. Network Recovery Plan Development Guide (15 pages)
  5. Database Recovery Template (19 pages)
  6. Database Recovery Plan Development Guide (16 pages)
  7. Server Recovery Template (19 pages)
  8. Server Recovery Plan Development Guide (15 pages)
  9. Telecommunications Recovery Template (19 pages)
  10. Telecom Recovery Plan Development Guide (17 pages)
  11. Disaster Recovery Plan Overview (38 pages)
  12. Disaster Recovery Plan Development Guide (17 pages)

Sub Section: Emergency Mode Operation Plan

  1. Emergency Mode Operation Planning Standards (38 pages)
  2. Emergency Mode Operations Plan Development Guide (11 pages)

Sub Section: Testing And Revision Plan

  1. Business Unit Test Plan Development Guide (10 pages)
  2. Business Unit Test Plan (16 pages)
  3. Dept. Business Resumption Plan Template (16 pages)
  4. Emergency Operation Plan (18 pages)
  5. Testing and Revision Program including the following sub-documents (18 pages)
  6. Technology Test Plan Development Guide (10 pages)
  7. Technology Test Plan (18 pages)
  8. Disaster Recovery Audit Checklist (6 pages)
  9. Database Plan Audit Checklist (6 pages)
  10. Test Schedule (2 pages)
  11. Business Unit Plan Audit Checklist (6 pages)
  12. Application Plan Audit Checklist (7 pages)
  13. Server Plan Audit Checklist (6 pages)
  14. Network Plan Audit Checklist (6 pages)
  15. Telecom Plan Audit Checklist (6 pages)
  16. Audit Notification Memo (1 page)
  17. Plan Audit Final Report Template (1 page)
  18. Test Notification Memo (1 page)
  19. Type of Tests (1 page)

Sub Section: Sample Documents

  1. Example of Completed Data Backup Plan (18 pages)
  2. Example of Completed Application Recovery Plan (23 pages)
  3. Example of Completed Disaster Recovery Plan (38 pages)
  4. Example of Completed Emergency Mode Op Plan including following sub documents:
  5. BIOMED EMOP (37 pages)
  6. Accounting EMOP (42 pages)
  7. Emergency Services EMOP (37 pages)
  8. Corporate Communications EMOP (38 pages)
  9. Facilities & Security EMOP (38 pages)
  10. Human Resources EMOP (38 pages)
  11. Laboratory EMOP (38 pages)
  12. Materials Management EMOP (38 pages)
  13. Pharmacy EMOP (37 pages)
  14. Surgery EMOP (36 pages)
  15. Example Business Unit Test Plan (14 pages)
  16. Example Technology Unit Test Plan (16 pages)
  17. Example Audit Notification Memo (1 page)
  18. Example Test Schedule (2 pages)
  19. Example Final Audit Report (2 pages)
  20. Example Business Plan Audit Checklist (6 pages)
  21. Example Audit Follow-Up Memo (1 page)
  22. Example Test Notification Memo (2 pages)

2) HIPAA Security Policy Template Suite

We provide an extensive, robustly and effectively developed HIPAA Security Template Suite of 67 documents that includes 56 security policies & procedures required by the HIPAA Security regulation and an additional 11 policies, checklists, and forms as supplemental documents to the required policies. These highly effective HIPAA security policies meet the challenges of creating enterprise-wide security policies. The suite addresses all major components of the HIPAA Security Rule and each policy can be adopted or customized based on your organization’s needs.

I. Policies on the Standards for Administrative Safeguards

  1. Risk Analysis
  2. Risk Management
  3. Security Management Process
  4. Sanction Policy
  5. Information System Activity Review
  6. Assigned Security Responsibility
  7. Workforce Security
  8. Authorization and/or Supervision
  9. Workforce Clearance Procedure
  10. Termination Procedures
  11. Information Access Management
  12. Access Authorization
  13. Access Establishment and Modification
  14. Security Awareness & Training
  15. Security Reminders
  16. Protection from Malicious Software
  17. Log-in Monitoring
  18. Password Management
  19. Security Incident Procedures
  20. Response and Reporting
  21. Contingency Plan
  22. Data Backup Plan
  23. Disaster Recovery Plan
  24. Emergency Mode Operation Plan
  25. Testing and Revision Procedure
  26. Applications and Data Criticality Analysis
  27. Evaluation
  28. Business Associate Contracts and Other Arrangements

II. Policies on the Standards for Physical Safeguards

  1. Facility Security Plan
  2. Facility Access Controls
  3. Access Control and Validation Procedures
  4. Contingency Operations
  5. Maintenance Records
  6. Workstation Security
  7. Workstation Use
  8. Device and Media Controls
  9. Disposal
  10. Media Re-use
  11. Accountability
  12. Data Backup and Storage

III. Policies on the Standards for Technical Safeguards

  1. Unique User Identification
  2. Access Control
  3. Emergency Access Procedure
  4. Automatic Logoff
  5. Encryption and Decryption
  6. Integrity
  7. Mechanism to Authenticate Electronic Protected Health Information
  8. Person or Entity Authentication
  9. Transmission Security
  10. Audit Controls
  11. Integrity Controls
  12. Encryption

IV. Organizational Requirements

  1. Policies and Procedures
  2. Documentation
  3. Isolating Healthcare Clearinghouse Function
  4. Group Health Plan Requirements

V. Supplemental Policies for Required HIPAA Policies

  1. Email Security Policy
  2. Automatically Forwarded Email Policy
  3. Wireless Security Policy
  4. Analog Line Policy
  5. Dial-in Access Policy
  6. Remote Access Policy
  7. Ethics Policy
  8. VPN Security Policy
  9. Extranet Policy
  10. Internet DMZ Equipment Policy
  11. Network Security Policy

3) HIPAA Privacy Policy Template Suite

“It is vital for a covered entity to build up and implement policies and procedures appropriate to the entity’s business practices and workforce that reasonably minimize the amount of protected health information used, disclosed, and requested;” – HIPAA Privacy Rule 45 CFR Part 160

Listed below are the 51 policies, forms, and procedures included in the HIPAA Privacy Policy & procedures template suite. The policies can be used by any covered entity. All policies are available in Microsoft Word format and can be easily customized as per your requirements. Each HIPAA template is presented in a standard format reflecting critical organizational functions to consider in HIPAA remediation.

These HIPAA policies cover all the major areas like:

  1. General policies regarding the use and disclosure of PHI
  2. The minimum necessary rule for the use and disclosure of PHI
  3. Patient rights regarding their own PHI
  4. Uses and disclosures not requiring patient authorization
  5. Special cases for restriction of uses and disclosures of PHI
  6. Organizational issues and safeguards

The template suite includes the following HIPAA Privacy policies and procedures:

  1. Accept Access Request
  2. Accounting for Disclosures
  3. Acknowledgment of Receipt
  4. Amendment to Record Form
  5. Authorization for Release of Information
  6. Authorization Form Release by Organization
  7. Authorization Form Release to Organization
  8. Avert Serious Threat to Safety
  9. Business Associate Contract
  10. Business Associate Contract Health Plan
  11. Complaint Process
  12. De-identified Information and Limited Data Sets
  13. Denial Access Request
  14. Denial Request to Amend Form
  15. Designated Record Set Example Provider
  16. Designated Record Set Health Plan
  17. Disclosure of Medical Information
  18. Disclosures Record Form
  19. Document Retention
  20. Employee Confidentiality Agreement
  21. General Release of PHI for TPO and Other Purposes
  22. Health Plan Notice of Privacy Practices
  23. HIPAA Accept Amend Request Form
  24. Minimum Necessary
  25. Multi-Organization Arrangements
  26. Notice of Privacy Practices
  27. Privacy Officer
  28. Release by Whistleblowers
  29. Release for Abuse Neglect or Domestic Violence
  30. Release for Confidential Communications
  31. Release for Fundraising Purposes
  32. Release for Judicial or Administrative Proceedings
  33. Release for Law Enforcement
  34. Release for Marketing Purposes
  35. Release for Research Purposes
  36. Release for Specific Government Functions
  37. Release for Workers Compensation
  38. Release of Information for Deceased Patients or Plan Members
  39. Release of Information for Legal Purposes
  40. Release of Information to a Minor
  41. Release of Information to a Minor’s Parents
  42. Release of Information to Friends and Family Members
  43. Release of Psychotherapy Notes
  44. Release to Patient or Plan Member
  45. Request Confidential Communications Template
  46. Request for Amendment
  47. Request Restrictions
  48. Requests for Restriction
  49. Right to Object to Release for Certain Purposes
  50. Training Requirements
  51. Workforce Sanctions

4) HIPAA Security Risk Analysis Template Suite

Risk Analysis is often regarded as the first step toward HIPAA compliance. Risk analysis is a required implementation specification under the Security Management Process standard of the Administrative Safeguards portion of the HIPAA Security Rule as per Section 164.308(a)(1). Covered entities will benefit from an effective Risk Analysis and Risk Management program beyond just being HIPAA compliant. Compliance with HIPAA is not optional… it is mandatory, to avoid penalties.

The objective of HIPAA Security Risk Analysis/Assessment:

The overall objective of a HIPAA risk analysis is to document the potential risks and vulnerabilities to the confidentiality, integrity, or availability of electronic protected health information (ePHI) and determine the appropriate safeguards to bring the level of risk to an acceptable and manageable level. It helps ensure that controls and expenditures are fully commensurate with the risks to which the organization is exposed.

List of documents in HIPAA Security Risk Analysis Template revised for HITECH Omnibus Rule

  1. Asset Inventory Worksheet
  2. Detailed HIPAA Security Risk Analysis Executive Report
  3. Risk Analysis Checklist
  4. Risk Analysis Template
  5. Risk Assessment Executive Presentation
  6. HIPAA Security Risk Assessment Scorecard
    1. Overview spreadsheet
    2. Administrative safeguard spreadsheet
    3. Technical safeguard spreadsheet
    4. Physical safeguard spreadsheet
    5. Organizational safeguard spreadsheet
  7. Sample Privacy & Security Risk Analysis Executive Report 2013-Short Version
  8. Threat Matrix Worksheet

5) HIPAA Audit Template Suite

The HIPAA Security Rule requires organizations, at a minimum, to perform regular internal audits to evaluate processes and procedures intended to secure confidential or “protected health information” (PHI) (45 CFR 164.308(a)(8)). It is often worthwhile to seek an external review or audit, but the security rule does not specifically require this. In most cases, this will be determined by the size of the organization, line of business, and, sometimes, contract requirements (i.e., Medicare, Medicaid, etc.). The purpose of the audit is to ascertain whether an organization has properly documented administrative, physical, and technical security practices, policies, and procedures and generally meets the requirements of the rule.

The objective of HIPAA Audit and Evaluation for Compliance

The objective of the HIPAA Audit includes the following activities:

  1. Assess if all vulnerabilities have been addressed.
  2. Verify that all compliance requirements have been met.
  3. The objective of the Audit Control standard is to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

List of documents for HIPAA Audit Template:

  1. HIPAA Comprehensive Audit Checklist
  2. HIPAA Privacy & Security Audit Report – Sample
  3. HIPAA Security Abbreviated Audit Checklist final
  4. HIPAA Security Audit Executive Presentation
  5. Information Security Audit Template

Total cost: $2500

All the HIPAA Template Suites come in Microsoft Word/Excel files so you can add, change and delete the content as required to complete your privacy policies. If you have any questions, or if you wish to see additional samples, please feel free to contact us at or call on (515) 865-4591. You can also buy individual HIPAA template suites, which are available in our online HIPAA store for purchase.
