Upcoming Webinars

Site Updates


The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Log in

Log in

Administrative Safeguards

Administrative actions and policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's workforce in relation to the protection of that information.

Security Management Process

    • Risk analysis
    • Risk management
    • Sanction policy
    • Information system activity review

Assigned Security Responsibility

    • Select a security official
    • Assign and document the individual’s responsibility 

Workforce Security

    • Authorization and/or supervision
    • Workforce clearance procedure
    • Termination procedures

Information Access Management

    • Isolating healthcare clearinghouse functions
    • Access authorization
    • Access establishment and modification

Security Awareness and Training

    • Security reminders
    • Protection form malicious software
    • Log-in monitoring
    • Password management

Security Incident Procedures

    • Response and reporting 
    • Determine goals of incident response
    • Develop and deploy an incident response team
    • Incorporate post-incident analysis

Contingency Plan

    • Data backup plan
    • Disaster recovery plan
    • Emergency operation plan
    • Testing and revision procedures
    • Applications and data criticality analysis


    • Internal or external evaluation
    • Develop standards and measurements
    • Conduct evaluation
    • Document evaluation and create periodic schedule

Related Policies and Procedures (Available for Yearly Members)

Policy #2: Security Management Process

Policy #3: Assigned Security Responsibility

Policy #4: Workforce Security

Policy #5: Information Access Management

Policy #6: Security Awareness and Training

Policy #7: Security Incident Procedures

Policy #8: Contingency Plan

Policy #9: Evaluation 

About Us

Therapy Comply is a healthcare compliance firm that seeks to bring high quality web-based compliance guidance and one-on-one consulting services to small and medium size physical, occupational, and speech therapy practices.

Learn More 

Join Us

Join today as either a monthly or a yearly member and enjoy full access to the site and a significant discount to our live and recorded webinars.  Members also have access to compliance and billing support.

Join Today 

Find Us

Powered by Wild Apricot Membership Software