HIPAA Policy | Health Insurance Portability Accountability Procedure

HIPAA Policy 

The HIPAA Policy (Health Insurance Portability Accountability) Procedure describes the background and implications of the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

The Health Insurance Portability Accountability Procedure applies to the requirements outlined by the law and the Department of Health and Human Services (DHHS) regulations primarily regarding privacy and confidentiality. Requirements are far-reaching for healthcare transactions and administrative information systems. All healthcare organizations that maintain or transmit electronic health information, which is considered to be sensitive and protected, must comply. (8 pages, 2266 words)

These requirements involve health plans, healthcare clearinghouses, and healthcare providers, from large integrated delivery networks to individual physician offices. A tighter, special protection for psychotherapy notes exists. They also apply to life insurers, billing agencies, information systems vendors, service organizations, and universities.

All employees should use their best efforts to limit the non-consensual use and release of private health insurance and restrict the disclosure of health information to the minimum needed for the intended purpose. Access to health related records by researchers and others should be restricted to authorized personnel only. Patients should have the rights to access their medical records and to know who else has accessed them.

HIPAA policy Responsibilities:

The Controller should oversee the implementation of all privacy controls, training, and compliance coordination.

The Human Resources Manager should be the Benefits and HIPAA Policy Coordinator is responsible for being familiar with the HIPAA policy, ensuring that HIPAA rules and regulations are followed, and making sure that the company complies. According to the more than 1,000 pages of HIPAA regulations, the duties and responsibilities can be assigned to a person in an existing position and do not require having additional staff. The Benefit Coordinator should have the authority and responsibility to maintain records within the guidelines of HIPAA regarding privacy and confidentiality standards.

HIPAA policy Definitions:

Health Insurance Portability and Accountability Act of 1996 (HIPAA) – Also known as the Kennedy-Kassabaum Act, HIPAA amends the Internal Revenue Code of 1986 to limit waste, fraud, and abuse in health insurance and health care delivery and to simplify the administration of health insurance.  Included in the law is a separate section intended to reduce the administrative costs of health care.

Need to Know – A security term used to define access requirements for sensitive or confidential information.  The term implies that only those individuals that have a valid purpose or requirement should be allowed access to the information.

HIPAA policy Activities

  • HIPAA policy Management
  • HIPAA Medical Records Maintenance
  • HIPAA Medical Records Access
  • Additional Information Resources

HIPAA policy Forms


Human Resources Reports Procedure | ADM109

Human Resources Reports Procedure

The Human Resources Reports Procedure provides the format and content requirements for preparation of the Human Resources Report. Your company’s Human Resources Report should be used for hands-on management.

The Human Resources Reports Procedure applies to HR and other personnel required for preparation of the report. (10 pages, 1973 words)

The logistics of preparing summary reports will vary, depending on the systems used and the needs of the company. The objective is to provide an easy recap of the compliance and operating effectiveness of the company that should lead to plans for corrective actions or adjustments. Monthly reports should be considered “exception reports” that provide management the necessary information to understand whether the company is progressing as planned.

If details are not available then use control totals and note on the report any estimates. Follow up with actual results as soon as practical. The preparer should keep in mind that the objective of the report is to provide a quick recap of the status of the Company and not a time-consuming detailed analysis. Leave exhausting details for later analysis as required and make statements easy to read.

Human Resources Reports Responsibilities:

The Controller should be responsible for assuring effective, accurate and informative internal reporting between each department.

The Human Resources Manager is responsible for preparing and maintaining all Human Resources reports.

Human Resources Reports Procedure Activities

  • Preparation Guidelines
  • OHSA Reports
  • EEO-1 Reports
  • Training Plan
  • ERISA Notices
  • Vets-100 Report
  • Hiring Status Report
  • Compensation Summary

Human Resources Reports Procedure Forms

Property Access Control Procedure | ADM106

Property Access Control Procedure

The Property Access Control Procedure establishes guidelines for your company’s access control and protection.

The Property Access Control Procedure applies to all existing and potential company employees, contract workers, visitors and guests of your company. (8 pages, 1141 words)

Property Access Control Responsibilities:

The Controller should be responsible for overseeing access to company property or information.

All Employees are responsible for escorting their visitors and guests at all times. Visitors should not be allowed unattended access to company property or information.

The Receptionist should be responsible for verifying all visitor information before issuing a visitor’s badge.

Property Access Control Procedure Activities

  • Background Checks
  • Physical Access Controls
  • Key Controls
  • Proprietary Information Controls
  • Collection of Access Controls
  • Visitors and Guests

Property Access Control Procedure Forms


Consolidated Budget Reconciliation Procedure COBRA | COM106

Consolidated Budget Reconciliation Procedure COBRA

The company should implement and follow procedures necessary to maintain compliance with the provisions of COBRA to offer extended health insurance coverage to qualified beneficiaries who experience qualifying events. The Consolidated Budget Reconciliation Procedure COBRA identifies COBRA’s legal requirements and ensures your company’s employee or qualified beneficiary meets compliance.

All employers that provide a Group Insurance Plan, and that employ 20 or more employees (full and part-time) on at least 50 percent of its typical business days must extend an offer to continue that group insurance coverage when “qualified beneficiaries” lose coverage due to a “qualifying event”. The law does not apply to the federal government or to churches. (10 pages, 3083 words)

COBRA mandates that employers, that have twenty (20) or more employees, provide for the continuation of health care coverage/insurance from the company’s insurance benefit plan. The employee must have been enrolled in the insurance plan and then suffer a loss of health care benefits for some reason. The loss of health care benefits is usually due to termination of employment. The employee and any dependents that were covered by the health care plan are eligible for COBRA.

It is important to note that COBRA is not an insurance plan and provides no benefit or is not insurance. COBRA is the administrative tool that makes continuation of insurance available to qualified individuals. The insurance coverage available is simply a continuation of the plan that was available when the individual suffered a loss of coverage.

Consolidated Budget Reconciliation Responsibilities:

The Controller should act as the Plan Administrator responsible for overseeing COBRA requirements for compliance.

The Human Resources Manager should also be the Plan Administrator responsible for assisting employees with completing all payroll, pension and benefits forms, answers to questions about their insurance records, or interfacing with accounting regarding their payroll files and for maintaining and distributing the insurance summary plan description (SPD)

The Accounting Manager should be responsible for the receiving and applying all COBRA payments correctly.

Consolidated Budget Reconciliation Definitions:

Group health plan – a plan that provides medical benefits for the employer’s employees and their qualified dependents through insurance or other mediums, such as a trust, health maintenance organization, self funded pay-as-you-go, reimbursement, or combination of those listed. Medical benefits available to COBRA beneficiaries include all health related coverage offered in the group plan. Non-health issues offered in the group insurance plan, such as life insurance, disability, etc., are not offered under COBRA.

Covered employee – an individual who has (or had) coverage under their employer’s group health plan.

Qualified beneficiary – any other individual who, on the day before the qualifying event for that employee, is a beneficiary enrolled in the group insurance plan as a spouse, child, or other qualified dependent of the covered employee. Any child born to or placed for adoption with a covered employee during COBRA continuation coverage is automatically included in the definition of “qualified beneficiary”.

Plan administrator – plan administrator as defined in the Employee Retirement Income Security Act (ERISA).

Consolidated Budget Reconciliation Procedure COBRA Activities

  • COBRA Plan Administration
  • Qualifying COBRA Events
  • COBRA Notice Procedures
  • COBRA Elections
  • COBRA Benefits Protection
  • COBRA Payments
  • COBRA Enforcement

Consolidated Budget Reconciliation Procedure COBRA References

  • Family and Medical Leave Act (FMLA)

Consolidated Budget Reconciliation Procedure Forms


Dress Code Procedure | ADM110

Dress Code Procedure

Every company should expect their employees to abide by a certain Dress Code at all times in order to represent the company properly and to create a professional business environment and attitude. The Dress Code Procedure establishes the criteria for presenting a professional business appearance that is appropriate to the job and situation involved. Enforcing a dress code at your company ensures that customers, clients and other employees feel comfortable doing business with you.

Employees are expected to use their good judgment and common sense in presenting themselves as “appropriate” for their positions. Clothing, hairstyles or personal hygiene should not pose a safety hazard or create an unacceptable appearance. A conservative approach should be used as a guide to deciding whether an article of clothing is appropriate for business situations.

This Dress Code Procedure applies to all employees. All employees are expected to monitor and enforce The company Dress Code to maintain a professional business environment. An example for men would include suits with ties and polished shoes with leather soles. For women, something like a dress or skirt and blouse ensemble. (6 pages, 1593 words)

Dress Code Procedure Activities

  • Dress Code
  • Business Situations
  • Personal Hygiene
  • Disciplinary Action


Mail Express Services Procedure | ADM104

Mail Express Services Procedure

The Mail Express Services Procedure provides the basic information needed to perform mailing functions in an accurate and efficient manner to ensure prompt and reliable delivery.

The Mail Express Services Procedure applies to all incoming and outgoing mail and express services. (6 pages, 961 words)

For General Mail…

All employees should place daily outgoing mail in the outgoing mail bin by 3:30 p.m. Three mail baskets are provided for the processing of outbound mail as follows:

  • Uncompleted Domestic Mail: Mail that requires addressing or stamping.
  • Uncompleted International Mail: Requires research for rates or stamping.
  • Completed Mail: Mail ready for delivery to the Post Office or Mailbox.

For Express Mail…

The U.S. Post Office also has an overnight delivery service, which the company utilizes. Express mail via the post office system is the only express service, which can be delivered to a post office box. A routing form must be completed with the name, address, telephone number of the destination (To) and the originator (From).

Mail Express Services Responsibilities:

The Office Manager is responsible for administrating the office mail procedures. The Office Manager should process all outgoing mail accordingly. They will be responsible for operation of the postage meter and maintaining an adequate postage balance for processing of daily mail. Employees should not operate the postage meter without permission. All incoming mail will be received by the Office Manager who will distribute the mail to each employee’s designated mailbox.

All Employees are responsible for following the office mail procedures.

Mail Express Services Procedure Activities

  • General Mail Usage
  • Addressing Mail
  • Express Mail
  • Overnight Packages
  • Additional Informational Resources

Mail Express Services Procedure Forms