Pre-flight · personalize your manual

Your Practice

A few facts about your practice that personalize the policy templates throughout HIPAAPath. Every policy template references your practice by name, names a specific person to enforce it, gives a concrete remediation window, and points at the place you archive compliance records. Filling these in once means every template you see from here on out reads like it was written for your practice — not a generic placeholder.

Your answers save automatically and stay on this device. Empty fields just leave the literal placeholder visible so you (and a future auditor) can see what still needs to be filled in.

Your practice’s legal entity or registered DBA name. Used wherever a policy template says [Practice Name].

Whoever investigates security incidents and enforces consequences. For a solo practice that’s typically you; for a small office it’s usually the owner or practice manager.

The window a workforce member has to complete mandatory retraining after a minor infraction. Pick a number that fits your operating rhythm — 5 business days and 14 calendar days are both common.

Where you securely keep personnel files and compliance records for six years. Describe it in the same words you’d use in the policy itself.

Security Official designation · optional

HIPAA’s §164.308(a)(2) standard only asks that you name a security official — typically you in a solo practice, or the owner or practice manager in a small office. The alternate and contact line are operational-resilience extras, not a legal requirement. Fill in whatever’s useful; anything you leave blank simply keeps the bracketed placeholder in your Security Official policy template.

The person responsible for your HIPAA security program. In a solo practice that’s usually you; in a small office, the owner or practice manager. Fills [Security Official Name] in the Security Official policy template.

Who steps in if the primary official is unavailable or leaves the practice. Fills [Alternate Official].

One line — email and phone — so staff know how to reach the security official. Fills [Contact Information].

0 of 4 filled in — the rest will keep showing as bracketed placeholders.

You don’t have to finish in one sitting. Any field you leave empty stays visible as its literal placeholder (e.g. [Practice Name]) in the rendered templates, which is also what an auditor would see. Filling them in just makes the templates read in your practice’s own voice.