Policies and Procedures and Documentation Requirements


4.22. Documentation (? 164.316(b)(1))

Standard: Documentation. Maintain the policies and procedures implemented to comply with this subpart in written (which may be electronic) form; and- If an action activity or assessment is required by this subpart to be documented maintain a written (which may be electronic) record of the action activity or assessment.Implementation specifications:- Time limit (Required). Retain the documentation required by paragraph (b)(1) of this section for 6 years from the date of its creation or the date when it last was in effect whichever is later.- Availability (Required). Make documentation available to those persons responsible for implementing the procedures to which the documentation pertains.- Updates (Required). Review documentation periodically and update as needed in response to environmental or operational changes affecting the security of the electronic protected health information.


Click here to Start your FREE trial today!

Explainer video


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video