Step 3: Document processes, findings, and actions

Document in writing, or electronically, your privacy and security policies and procedures.

Specify why and where you have security measures in place, how you created them, and what you do to monitor them. Document everything, including all assessments, precautions, procedures, actions, findings, and processes covered in the 10 Step Plan. Organize your compliance documentation in central locations, so both paper and electronic records can be easily referenced.

Ask yourself if you are keeping records of:

Procedures for distributing privacy practice notices (which should include instructions on how to file complaints and report security concerns)
Security policies and procedures (including written records of required actions, activities, or assessments)
Complaint resolutions
Updates to policies and procedures
Sanctions against workforce members relating to privacy or security issues
Staff training
Business Associate Agreements

Be sure to keep privacy records for six years from creation of a document, or the last effective date. Also, periodically review and update documentation in response to changing conditions that affect the security of PHI.

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

Train Senior Leaders in Privacy & Data Security Management

November 13, 2023 No Comments

Managing privacy and data security across an organization requires its own expertise — and adequate training designed for privacy managers is essential. In fact, federal

Here’s Guidance on Privacy Security from Remote Locations

November 13, 2023 No Comments

Remote work presents its own set of security risks, relating to the safe keeping of private information. However, the use of Virtual Private Networks and

New Social Media Course

November 10, 2023 No Comments

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

MyHIPAA Guide 2023 Privacy and Security Course Catalog

June 30, 2021 No Comments

Interested in privacy and security training under the Health Insurance Portability and Accountability Act (HIPAA)? Our course catalog includes more than 25 courses on all

Upcoming Events

Username or Email

Password

Keep me signed in

Lost your password?

10 Steps to Compliance

MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis. Subscribers gain access to a comprehensive, human-centered HIPAA program.

CALL US TODAY: (234) 281-4310

MyHIPAA Guide

Product

Discover

DISCLAIMER: MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHIPAA Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS: We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.