This entry is part 22 of 59 in the series Complete Guide to HIPAA Security Final Rule

This Policies and procedures and documentation requirements section of the HIPAA Security Final Rule includes requirements for the implementation of reasonable and appropriate policies and procedures to comply with the standards, implementation specifications and other requirements of the Security Rule; maintenance of written (which may be electronic) documentation and/or records that includes policies, procedures, actions, activities, or assessments required by the Security Rule; and retention, availability, and update requirements related to the documentation.

There are two standards in the section and those are:

  1. Policies and Procedures
  2. Documentation
Series Navigation<< 164.318 Compliance dates for the initial implementation of the security standards164.310(d)(1) Physical safeguards – Standard: Device and media controls >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.