Overview
The policy requires that you create written policies and procedures. The policy also establishes the guidelines for:
- Implementing policies and procedures regarding the security of electronic protected health information.
- Changing any policies or procedures.
- Documenting the policies and procedures.
For more information on security standards, see EBIA’s article;
XXX.F. Policies and Procedures, Documentation Requirements
No specific modifications to this policy are necessary
The following personnel use this policy:
- The security official
- Members of the workforce who are responsible for creating and maintaining policies and procedures
Citations addressed by this policy
- §164.316 (a) – Standard: Policies and procedures
- §164.316 (b)(1) – Standard: Documentation
- §164.316(b)(2)(i) – Time limit (required)
- §164.316(b)(2)(ii) – Availability (required)
- §164.316(b)(2)(iii) – Updates (required)
Sample Documents
Sample Policy Modification Log