|
6.ME.29 |
Documentation Requirements for Security Rule Policy and Procedure
|
Type: Policy
Category: Information Technology
Level: Community Care
Parties: Workforce of Community Care
Printer Friendly Version: http://apps.comcareme.org/policymanual/default.aspx?code=6.ME.29&nonav=yes
Supporting References: HIPAA Security Rule 164:316
|
Parent |
Effective Date |
Approval Level |
Revision Dates |
Last Reviewed |
|
N/A |
4-1-2005
|
Board
|
|
7-14-2004 |
|
Related Document Code |
Related Document Name |
Type |
Policy: Community Care will implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of the Security Rule. Community Care may change its security and IT policies and procedures at any time, provided that the changes are documented. This documentation must be in written form, and if an action, activity or assessment is required by the Security Rule, it must also be documented and a written (which may be electronic) record of the action, activity, or assessment must be kept. Community Care must retain the documentation required by this policy for 6 years from the date of its creation or the date when it last was in effect, whichever is later; must make documentation available to those persons responsible for implementing the procedures to which the documentation pertains; and review documentation periodically, and update as needed, in response to environmental or operational changes affecting the security of the electronic protected health information.