HIPAA Administrative Policy and Procedures: Privacy, Security and Data Integrity

I developed a behavioral health app that includes a therapist locator, mental health charting, questionnaires, progress measures and analytics. As part of my due diligence I completed HIPAA training, created policies and procedures, and enlisted oversight by a board of directors of a qualified mental health association (non-profit). I think my effort needs periodic review and contrasting with other real-world practices. BTW… Microsoft HITRUST is a massive undertaking beyond my association’s size and resources.

  1. Is there an example or a template for openEMR HIPAA Administrative and Security Officers?

  2. Are there people in the openEMR community working on policy and procedures?

I understand that these can be highly sensitive documents. I am certainly willing to submit to a background check and sign a BAA.

Mike