• Print

Step 2: Plan Your Approach

Information Security Policy Template


The information security policy template can be customized to meet the needs of a practice. Instructions are provided at the beginning of the document to help understand areas that require customization. Once customized, this policy document defines the technical controls and security configurations users and Information Technology (IT) administrators are required to implement in order to ensure the integrity and availability of the practice’s data environment. It serves as a central policy document with which all employees and contractors must be familiar, and defines actions and prohibitions that all users must follow. The policy provides IT managers within the practice with policies and guidelines concerning the acceptable use of practice technology equipment, e-mail, Internet connections, voice-mail, facsimile, future technology resources and information processing.

download file [DOCX 1.29 MB]

Authors and Contributors

Health Information Technology Research Center (HITRC)
Privacy & Security Community of Practice (Toolkit Workgroup)

Use Disclaimer

The material in these guides and tools was developed from the experiences of Regional Extension Center staff in the performance of technical support and EHR implementation assistance to primary care providers. The information contained in this guide is not intended to serve as legal advice nor should it substitute for legal counsel. The guide is not exhaustive, and readers are encouraged to seek additional detailed technical guidance to supplement the information contained herein.

Reference in this web site to any specific resources, tools, products, process, service, manufacturer, or company does not constitute its endorsement or recommendation by the U.S. Government or the U.S. Department of Health and Human Services.

Comments: (0)