HIPAA - Updates 164.316(b)(2)(iii)

Overview:
Review documentation periodically and update as needed, in response to environmental or operational changes affecting the security of the electronic protected health information.

Action Items:
1) Obtain and review policies and procedures regarding documentation reviews and updates.
2) Obtain and review documents demonstrating that policies and procedures are reviewed and updated on a periodic basis. Evaluate and determine if such implementation is in accordance with related policies and procedures.

Related Documents:
1) Policies and procedures regarding documentation reviews and updates.
2) Documents demonstrating that policies and procedures are reviewed and updated on a periodic basis.

Additional Guidance:
The need for review and update will vary based on a covered entity’s documentation review frequency and/or the volume of environmental or operational changes that affect the security of EPHI. This implementation specification requires covered entities to manage their documentation so that it reflects the current status of their security plans and procedures implemented to comply with the Security Rule.