Overview:
Periodic security updates.
Action Items:
1) Obtain and review documentation demonstrating how periodic security updates are conducted. Elements to review may include but are not limited to: Frequency of the periodic security updates; Methods of communication used for security updates (i.e. emails, newsletters, posters).
2) Obtain and review documentation demonstrating that periodic security updates are conducted. Evaluate and determine if periodic security updates are accessible and communicated to workforce members.
Related Documents:
1) Documentation demonstrating how periodic security updates are conducted.
2) Documentation demonstrating that periodic security updates are conducted.
Additional Guidance:
There are many types of security reminders that covered entities may choose to implement. Examples might include notices in printed or electronic form, agenda items and specific discussion topics at monthly meetings, focused reminders posted in affected areas, as well as formal retraining on security policies and procedures. Covered entities should look at how they currently remind the workforce of current policies and procedures, and then decide whether these practices are reasonable and appropriate or if other forms of security reminders are needed.
Article ID: 448
Created: September 28, 2022
Last Updated: September 28, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-security-reminders-164-308-a-5-ii-a-448.html