The policy library | Accountable Docs

The policy library

What's included, how policies map to HIPAA, and how to roll them out.

Accountable ships with a complete HIPAA policy library — the full set required by the Privacy, Security, and Breach Notification Rules. You don't need to write them from scratch; you customize, publish, and run an annual review.

Policy management dashboard inside Accountable showing all policies grouped by category and their publication status

What's included

The library covers the policies an OCR auditor will look for. They're grouped into four buckets:

Administrative

  • Security Management Process
  • Workforce Security and Sanction Policy
  • Information Access Management
  • Security Awareness and Training
  • Security Incident Procedures
  • Contingency Plan and Disaster Recovery
  • Evaluation
  • Business Associate Agreements

Physical

  • Facility Access Controls
  • Workstation Use and Security
  • Device and Media Controls

Technical

  • Access Control
  • Audit Controls
  • Integrity Controls
  • Person/Entity Authentication
  • Transmission Security and Encryption

Privacy and breach notification

  • Notice of Privacy Practices
  • Uses and Disclosures of PHI
  • Patient Rights and Access
  • Minimum Necessary Standard
  • Breach Notification Procedures

Auto-filled details

Each policy template has placeholders for your organization name, address, and designated Privacy Officer. These auto-fill from your org profile when the policy is created. If your Privacy Officer hasn't been assigned yet, you'll see placeholder text prompting you to fill it in.

Publishing your policies

  1. Open a policy

    Click any policy to see the draft.

  2. Edit anything that doesn't match how you actually operate

    Auditors look for policies that match real practices. If you don't actually use a paper-based check-in process, don't leave that paragraph in.

  3. Click Publish

    Publishing locks the version, dates it, and makes it available for policy review by your team.

Bulk publish

If you've reviewed all your drafts and they're ready, you can publish them all at once — or ask Compliance Copilot to "publish all draft policies."

Policy reviews

When you publish a policy, team members are prompted to complete a policy review — acknowledging they've read and understood the updated policy. The Policy Review dashboard (under People & Training) tracks who has completed their reviews and who still needs a reminder. See Policy reviews for details.

Annual review

HIPAA expects you to review your policies at least annually. Accountable tracks publication dates, and Compliance Copilot can help you review what's changed in your environment since last year to determine which policies need updates.

Customizing policy templates

Edit the language, add your specifics, and keep an audit trail.

Generate compliance reports

Bundle your published policies into an evidence pack.
Last updated April 29, 2026
Was this helpful?