What Every Policy Template Includes
Each policy in the One Guy Consulting library follows a consistent structure so your compliance documentation is organized, auditable, and easy for staff to follow.
Policy Statement & Purpose
Clear statement of what the policy requires and why it exists, referencing the specific HIPAA regulation (e.g., 45 CFR 164.312(a)(1)).
Scope & Applicability
Who the policy applies to: all workforce members, specific roles, or business associates. Customizable to your practice structure.
Step-by-Step Procedures
Actionable steps your team follows to comply. Written in plain language, not legal jargon. Includes who is responsible for each step.
Documentation & Review
What to document, where to store records, and how often the policy must be reviewed. Ensures audit-readiness at all times.
Sample Table of Contents
Below is a representative sample of the policy categories and individual policies included in the One Guy Consulting library. Your gap analysis determines which policies your practice actually needs.
HIPAA Policy Library — Table of Contents
- 1.1 Security Management Process
- 1.2 Risk Analysis and Risk Management
- 1.3 Sanctions Policy
- 1.4 Information System Activity Review
- 1.5 Assigned Security Responsibility
- 1.6 Workforce Security (Authorization and Supervision)
- 1.7 Workforce Clearance Procedures
- 1.8 Termination Procedures
- 1.9 Information Access Management
- 1.10 Security Awareness and Training
- 1.11 Security Incident Procedures
- 1.12 Contingency Plan (Backup, Disaster Recovery, Emergency Mode)
- 1.13 Evaluation
- 1.14 Business Associate Contracts
- 2.1 Facility Access Controls
- 2.2 Workstation Use
- 2.3 Workstation Security
- 2.4 Device and Media Controls
- 2.5 Disposal of PHI Media
- 2.6 Media Reuse
- 3.1 Access Control (Unique User IDs, Emergency Access)
- 3.2 Automatic Logoff
- 3.3 Encryption and Decryption
- 3.4 Audit Controls
- 3.5 Integrity Controls
- 3.6 Person or Entity Authentication
- 3.7 Transmission Security
- 4.1 Notice of Privacy Practices
- 4.2 Uses and Disclosures of PHI
- 4.3 Minimum Necessary Standard
- 4.4 Patient Rights (Access, Amendment, Accounting of Disclosures)
- 4.5 Authorization for Uses and Disclosures
- 4.6 De-Identification of PHI
- 4.7 Marketing and Fundraising
- 5.1 Breach Assessment and Risk Analysis
- 5.2 Individual Notification Procedures
- 5.3 HHS Secretary Notification
- 5.4 Media Notification (500+ individuals)
- 5.5 Business Associate Breach Reporting
- 5.6 Breach Documentation and Log
- 6.1 Business Associate Agreement Management
- 6.2 Vendor Risk Assessment
- 6.3 Employee Onboarding and Offboarding
- 6.4 Remote Work and Telehealth
- 6.5 Mobile Device Management
- 6.6 Social Media and Communications
- 6.7 Complaint and Investigation Procedures
- 6.8 Policy Review and Update Schedule
Note: This is a representative sample. The full library contains 100+ policies organized by HIPAA rule and safeguard category. Your practice may not need all of them — the gap analysis identifies exactly which ones apply to your environment.
How Many Policies Does Your Practice Need?
| Practice Size | Typical Policy Count | Key Factors |
|---|---|---|
| Solo Provider | 15 – 20 policies | Single location, limited technology, few vendors |
| 2 – 5 Employees | 20 – 30 policies | Shared workstations, EHR system, billing vendor, telehealth |
| 6 – 10 Employees | 25 – 35 policies | Multiple roles, more vendors, possible remote access |
| 11 – 20 Employees | 30 – 45 policies | Multiple departments, higher vendor count, mobile devices |
| Multi-Location | 35 – 50+ policies | Facility-specific controls, inter-office data transfer, complex BAA inventory |
Policy Templates by Plan
Self-Guided plan: Full access to the policy template library with self-service customization.
- 100+ downloadable policy templates
- Customization instructions in each template
- Organized by HIPAA rule and safeguard category
- Annual policy review reminders
- Version tracking and update history
Full-Scope plan: Everything in Self-Guided plus hands-on policy customization with a consultant.
- Everything in Self-Guided
- One-on-one policy customization sessions
- Gap analysis identifies which policies you need
- Consultant reviews and finalizes each policy
- Staff training on new policies
- Ongoing policy updates as regulations change
Policy Template Questions
A solo provider typically needs 15 to 20 core policies. A 5 to 10 person practice usually needs 25 to 35. Larger or multi-location practices may need 40 or more. The gap analysis identifies exactly which policies apply to your environment so you are not over-building or missing requirements.
Each template includes a policy statement, purpose, scope, applicable HIPAA regulation reference, step-by-step procedures, workforce responsibilities, documentation requirements, and review frequency. Templates are written in plain language for small practice staff.
Yes. Every template is designed to be customized with your practice name, specific workflows, technology environment, and staff roles. The Full-Scope plan ($1,300/year) includes one-on-one consulting to help you tailor each policy. The Self-Guided plan ($675/year) provides customization instructions within each template.
Yes. One Guy Consulting monitors HIPAA regulatory changes and updates templates accordingly. Both plans include updated templates as part of your annual subscription. You receive notifications when policies in your library are updated.
Ready to Get Your Policies in Order?
Book a free 30-minute intro call. We will review your current policy state and recommend exactly which templates your practice needs.