>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PRIV-09Document Management Standard: HIPAA

>Control Description

Documentation that impacts personal health information, including policies, procedures, and the documentation of actions, activities, or assessments, are retained for 6 years from the date of its creation, or the date when it last was in effect, whichever is later.

Theme

Process

Type

Preventive

Policy/Standard

Privacy Policy

>Implementation Guidance

1. Ensure that a process is defined and documented for retaining documentation related to personal health information. 2. Ensure that this documentation is retained at least for 6 years from the date of creation or when it was last effective. 3. Ensure this documentation consists of polices and procedures of actions, activities and/or assessments.

>Testing Procedure

1. Validate documented retention configuration is set to at least 6 years for policies, procedures, and assessment for the documents that impacts personal health information. 2. Inspect a sample of documentation going back to the earliest document or at least 6 years.

>Audit Artifacts

E-PRIV-09

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

HIPAA Security Rule
1

164.316(b)(2)(i)

Ask AI

Configure your API key to use AI features.