Achieving HIPAA compliance generally has two halves. The first half includes all technical guidelines, both physical and digital. Encryption, logging, monitoring, backup—these are just a few examples. Since the beginning, Datica has worked every day to take on these technical burdens for our customers.
The second half of HIPAA is focused on administrative and organizational activities, and this is where your company policies come into play. Non-technical guidelines include signing Business Associate Agreements (BAAs), risk management procedures, and policies for training, among many other things. Crafting company policies that align with the HIPAA administrative guidelines is straightforward, but an immense burden.
When we were creating our policies, we found several templates for healthcare providers, but nothing for modern health technology companies. We spent a vast amount of time and effort writing our policies, then adapting them to meet the demands of external audits. We don’t want people to reinvent the wheel; trust us, it’s not fun. We also feel a broader community can improve these policies over time, making them better for everybody.
By open sourcing our own company policies, we hope other healthcare companies will benefit. It aligns with our company mission: to help you focus on fixing healthcare without spending all of your time on HIPAA.
The policies are hosted on GitHub, the premier public platform for open-sourced content. To read more, head over to the project’s homepage.
Let us know if you find these useful!