Our policies have been written with modern, cloud-based technology vendors in mind. We looked far and wide for policy examples that fit our company, and couldn't find any. So we wrote our own. Importantly, these policies have been through three external audits--two HIPAA audits, and one HITRUST audit.
- Introduction
- HIPAA Inheritance for BloomText Customers
- Policy Management Policy
- Risk Management Policy
- Roles Policy
- Data Management Policy
- System Access Policy
- Auditing Policy
- Configuration Management Policy
- Facility Access Policy
- Incident Response Policy
- Breach Policy
- Disaster Recover Policy
- Disposable Media Policy
- IDS Policy
- Vulnerability Scanning Policy
- Data Integrity Policy
- Data Retention Policy
- Employees Policy
- Approved Tools Policy
- 3rd Party Policy
- Key Definitions
- BloomAPI HIPAA Business Associate Agreement ("BAA")
- HIPAA Mappings to BloomAPI Controls