DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
Per the HIPAA Security Rule, covered entities and business associates must maintain certain documentation. The documentation must include the written policies and procedures implemented to comply with the Security Rule, as well as actions, activities, or assessments the Security Rule requires to be documented. The documentation must be retained for 6 years from the date of its creation or the date when it last was in effect, whichever is later.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article