Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is an act intended to allow individuals to more easily transfer healthcare information from one insurer or provider to another, while keeping that information protected and confidential.

Over the course of its lifetime, HIPAA has been developed and expanded to address and clarify various issues that have arisen. This has led to the HIPAA Security Rule, the Patient Safety and Quality Improvement Act (which produced the Patient Safety Rule), and, most recently, the implementation of ARRA-HITECH. HIPAA, itself, has come to refer primarily to the Privacy Rule, which is what this article will cover.

HIPAA establishes regulations concerning Protected Health Information (PHI), Individually Identifiable Health Information (IIHI), and Personal Health Records (PHR); and it applies to any body, organization or company accessing, handling or utilizing PHI, IIHI or PHR.

HIPAA regulations require employers to:

implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements [included in this Standard]… A[n employer] may change its policies and procedures at any time, provided that the changes are documented…

See STANDARD § 164.316(a)

In addition to implementing compliant policies and procedures, HIPAA regulations stipulate that: employers retain this documentation for a minimum of 6 years; employers make this documentation available to employees; and employers review, update and redistribute policies and procedures periodically.

To comply with HIPAA’s Privacy Rule regulations, an employer is advised to:

  • Create and deliver annual employee training on HIPAA regulations and guidelines;
  • Develop and distribute robust security, document disposal, and end-of-day clean-up policies and procedures;
  • Collect employee attestations to maintain HIPAA standards and abide by any applicable policies and procedures;
  • Implement a system to deliver policy or procedure updates to employees in a timely fashion and secure acknowledgment of their receipt.

    How DocRead can help

    DocRead is compliance software that enables an employer to distribute documentation to a specific user group, receive certification that it has been read, and monitor the progress of the document’s receipt.

    DocRead makes the daunting task of distributing HIPAA-compliant documents to employees easy. It creates a simple, paperless means of recording employee acknowledgement of, and agreement to, policies, procedures and training.

    Once you select a document to distribute and a user group to receive it, employees in the user group will be required to read the document and certify that they agree with and understand all elements of the policy, procedure or training.

    The certification message is fully customizable, allowing you to tailor the message for each document to meet your specific requirements. Each employee must check the 'I agree' box and then click the 'confirm' button for the task to be considered complete.

    When employees have acknowledged their acceptance of the policy, they receive a time-stamped reading receipt that they may download or print for their records. The reading receipts are also securely stored in a central database, allowing quick access in case of audit or document request.


    Should you require that a policy or notification be printed out, DocRead allows for the document to be opened in an application (such as MS Word, Adobe Reader, etc.) and printed out by the employee.

    DocRead reading reports can be used to monitor the progress of policy acceptance, clearly showing how many policies have been assigned, completed or are overdue.

    DocRead can help

    DocRead has been helping our customers manage their policies and procedures in SharePoint for over 12 years.