Policy Manual


Documentation Requirements for Security Rule Policy and Procedure      

Type: Policy                 Category: Information Technology                 Level: Community Care 

Parties: Workforce of Community Care

Printer Friendly Version: http://apps.comcareme.org/policymanual/default.aspx?code=6.ME.29&nonav=yes

Supporting References: HIPAA Security Rule 164:316

Parent Effective Date Approval Level Revision Dates Last Reviewed
N/A  4-1-2005  Board    7-14-2004
Related Document Code Related Document Name Type

Policy:  Community Care will implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of the Security Rule. Community Care may change its security and IT policies and procedures at any time, provided that the changes are documented. This documentation must be in written form, and if an action, activity or assessment is required by the Security Rule, it must also be documented and a written (which may be electronic) record of the action, activity, or assessment must be kept. Community Care must retain the documentation required by this policy for 6 years from the date of its creation or the date when it last was in effect, whichever is later; must make documentation available to those persons responsible for implementing the procedures to which the documentation pertains; and review documentation periodically, and update as needed, in response to environmental or operational changes affecting the security of the electronic protected health information.