HIPAA Security Rule Documentation Requirements

Modified on Wed, 3 Jul at 9:52 AM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.

Per the HIPAA Security Rule, covered entities and business associates must maintain certain documentation. The documentation must include the written policies and procedures implemented to comply with the Security Rule, as well as actions, activities, or assessments the Security Rule requires to be documented. The documentation must be retained for 6 years from the date of its creation or the date when it last was in effect, whichever is later.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article