Documentation Requirements

The HIPAA Security Rule includes several required tasks regarding documentation of your HIPAA Security Rule policies and procedures. The requirement is that agencies maintain the policies and procedures implemented to comply with the Security Rule in written and/or electronic form and if an action, activity, or assessment is required to be documented, it is to be done so in written or electronic format.

There are 3 requirements for your documentation;

• Retain the documentation required for 6 years from the date of its creation or the date when it was last in effect, whichever is later.
• Make documentation available to those persons responsible for implementing the procedures to which the documentation pertains.
• Review documentation periodically, and update as needed in response to environmental or operational changes affecting the security of EPHI.

That's it! We're done! You deserve a gold star if you've gotten this far. More importantly, if you've met all of these requirements your agency is HIPAA Security Rule compliant. Congratulations!

I will continue to use this Blog to answer HIPAA related questions and distribute any new related information. I hope this Blog has been useful in making your agency compliant with the HIPAA Security Rule.