1
Policy & Procedure Writing
2
Objectives
- Identify key elements to include in a Policy and a Procedure (P&P)
- Outline key sections of a P&P
- Posting & implementing P&Ps
- Tie these elements into writing HIPAA P&Ps in your organization
3
Value of Consistent P&Ps
- Support consistent organizational processes
- Training source for workforce
- Proof of intent/good faith
- Risk management
4
Housekeeping
- Use present tense
- Avoid the words “will”, “could”, and “should”
- Start sentences with an action word
- Example: “The Security Officer will train all workforce members” vs. “The Security Officer trains all workforce members”
- Example: “The system is backed up nightly” vs. “Back up the system nightly”
5
Housekeeping
- Make it easy to understand for everyone to whom the policy applies (avoid legalese)
- Number each page
- Header with title
- 12-point font
6
Housekeeping
- Use a Template
- P&P Table of Contents
- Number all points
- Use outline formatting
- Limit each point to 1 or 2 sentences
- Flowchart/Mind map
7
What is a Policy?
- Guideline, goal, position of the organization
- “What” and “why” of an operation, function, decision, or procedure (objective)
- Address the law requirements
  - Organizational
  - Federal
  - State
  - Other
8
Responsible for Implementation
- Who rolls out and monitors that the P&P is followed?
  - Department issuing the policy
  - Privacy and/or Security Officer
  - May be the author
- List departments and roles, not names
9
Applicable to
- Who is required to follow or perform the tasks outlined in the P&P?
- Who does it affect?
  - What departments?
  - Which facilities?
  - What systems?
  - Other organizations?
10
Violations of the P&P
- Include steps taken when a violation of the P&P is reported/noted
- Consider action plans for violations committed by workforce members, business associates, business partners, etc.
- Refer to Sanction or Disciplinary Action policy
11
Purpose (Not Required)
- Reason for the P&P
- Why written
Scope (Not Required)
- Broad general statements outlining to whom or in which situations the procedure applies
12
Key Definitions
- Include definitions for important terms used
  - Legal
  - Technical
  - Open for interpretation
- List definitions alphabetically
13
What is a Procedure?
- Describes specifically “how” to accomplish the policy
- Defines “how it is done”
- Step-by-step how to accomplish a task
- Sequential
- Recommendation: Flowchart/Mind Map
14
Authors of the P&P
- List authors
- Include date signed
- Other considerations
  - Include “Revised by” (for future changes to policy)
  - Place on a separate Signature page
15
Attachments to Policy
- Forms
- Checklists
- Training Tools
- Examples
- Flowcharts
16
Reviewed By
- Individuals with authority over the P&P
  - Department chair, medical director, manager, supervisor, etc.
  - Not the author
- May also be used for future reviews of P&P (no changes made when reviewed)
- Include date signed
- Consider placing on Signature page
17
Applicable Standards/ Regulations
List all standards, regulations, laws, statutes, etc. that apply to the P&P
18
Sources
- References used as a basis to write the P&P
  - Examples: AHIMA, NIST, Phoenix Health Systems, etc.
  - Other P&Ps
- Include the following:
  - Document title
  - Author
  - Date published
19
Other Considerations
- Have a P&P standardizing how to write, revise, post, and train on P&Ps in your organization
- One person/department/team maintains all P&Ps
- P&P numbering
  - 4-digit number (01-04)
  - 1st two digits are the issuing dept. #
  - 2nd two digits are the policy #
- Master Index
20
Other Considerations
- Inform all new employees of how to access and follow P&Ps
- Use P&Ps to train those that need to follow them
- May need to refine procedures at departmental level
- Other regulation/law requirements
21
Prior to Posting…
- Ask team members and key workforce members it affects to review it
- Verify it identifies who, what, where, when, why, & how
- Confirm all attachments are addressed within the P&P
22
Prior to Posting…
- Check formatting
- Review accuracy of page numbering
- Confirm page numbering is correct in Table of Contents
- Do a spell check
23
Steps For Posting
- Post where all may access
  - Intranet
  - Shared drive
  - Binder in central location
- Notification
  - Notification management/workforce
  - Post on notification board(s)
24
Review Schedule
- Review annually and as changes occur
- Determine who is responsible to review (ex. author)
- Post changes and notify of changes
25
Maintain Documentation
- HIPAA: Maintain all versions for minimum of 6 years from last date in effect
- Hard copy or electronic
- Other regulations may require storing for extended periods of time
26
HIPAA P&P Writing: Before You Start
- Locate existing, overlapping P&Ps
- Get help from departments affected by the P&P
  - High level
  - Workforce
  - Experts
27
Read the Regulations
- Find overlapping requirements in the Privacy & Security Rule and combine the P&Ps
- Find overlapping requirements across implementation specifications within each particular rule and combine them into one P&P
28
HIPAA COW Security P&P Grid
- Click on “HIPAA COW Documents & Forms”
- Select “Security Documents”
- Accept the Disclaimer
- Open the “Security Rules P&P Grid” document
29
P&P Writing Resources
- HIPAA COW: www.hipaacow.org
  - Policy template
    - Click on “HIPAA COW Documents & Forms”
    - Select “Security Documents”
    - Accept the Disclaimer
    - Open the “Security Policy Template” document
  - List of other resources
    - Click on “Other HIPAA COW Resources”
    - Open “Security Policies and Procedures” document
- AHIMA: www.ahima.org
30
System Access Policy
- 164.308a3iiB Workforce Clearance Procedure
- a3iiC Termination Procedures
- a4ii Isolating HC Clearinghouse Function
- a4iiB Access Authorization
- a4iiC Access Establishment & Modification
- a5iiD Password Management
31
System Access Policy Continued…
- b Workstation Use
- c Workstation Security
- a2i Unique User Identification
- a2iii Automatic Logoff
- d Person or Entity Authentication