Are there requirements for covered entities to have written privacy policies? If so, what has to be addressed in the policy?

All groups (banks, medical entities, etc.) seem to have to have privacy policies these days. HIPPA is what covers the medical field.

Are you taking one of these courses?
http://www.google.com/search?hl=en&as_q=medical+billing+and+coding&as_epq=&as_oq=&as_eq=&num=10&lr=&as_filetype=&ft=i&as_sitesearch=&as_qdr=all&as_rights=&as_occt=any&cr=&as_nlo=&as_nhi=&safe=images
If so, you should be able to find your answers in your very specific study materials and/or textbook.