Confidentiality, Privacy and Security

P&Ps....Review Timeframe

  • 1.  P&Ps....Review Timeframe

    Posted 11 days ago
    As a matter of practice, how often do you review your HIPAA Privacy and Security policies?  When I refer to review, this includes when you update the policy's last revision date.

    A recent survey showed that about 84% of the organizations that responded to the survey (231 respondents) reviewed their policies in the 2-3 year range, with the other 16% reviewing their policies annually or on a cycle that is longer than 3 years.  To illustrate, below is a little graphic.

    Looking to see how this compares with some folks within these eGroups.  Thanks!






    Posted: 2:35 AM AZ time


    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------


  • 2.  RE: P&Ps....Review Timeframe

    Posted 8 days ago
    Hi Frank, I reviewed annually for years, but in 2017 I started reviewing every 3 years.  Needless to say I am busy reviewing this year!
     
    Dovie H. Brady, RHIA, CHPS
     
     
     
     





  • 3.  RE: P&Ps....Review Timeframe

    Posted 8 days ago
    Thanks Dovie!  I think that sounds like a workable schedule.

    The good news is that there have been no recent HIPAA regulatory changes as supported by no postings in the Federal Register that indicate any policy revisions are needed to accommodate regulatory changes for HIPAA.  That can be helpful in managing this process.




    Posted: 7:14 AM AZ time

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 4.  RE: P&Ps....Review Timeframe

    Posted 8 days ago
    Hello Frank, we review every 2 years.

    ------------------------------
    Deborah Gagne
    HIM Director and Privacy Officer
    Garrett Regional Medical Center
    dsgagne@gcmh.com
    ------------------------------



  • 5.  RE: P&Ps....Review Timeframe

    Posted 8 days ago
    Thanks Deborah!

    One organization I worked for did it every 3 years like this...which worked GREAT...not because it was my idea (which it was) but because it was so much more manageable.

    Year 1 - Security Rule Policies (2nd largest group of policies)
    Year 2 - Breach Rule Policies (smallest group and a nice breather)
    Year 3 - Privacy Rule Policies (Largest group)
    ...repeat

    This also works for a number of reasons because you are also working the policies in the order of the Rules...which makes referencing the regulations a bit easier as well.



    Posted: 7:21 AM AZ time

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 6.  RE: P&Ps....Review Timeframe

    Posted 8 days ago
    Frank, thanks for that...will definitely look at altering things here. That makes much sense!

    ------------------------------
    Deborah Gagne
    HIM Director and Privacy Officer
    Garrett Regional Medical Center
    dsgagne@gcmh.com
    ------------------------------



  • 7.  RE: P&Ps....Review Timeframe

    Posted 6 days ago
    Hello, our corporate policy is to review/revise policy and procedure manuals every 3 years, more often of course if an individual P&P requires revision due to regulatory requirements or changes.

    Linda Westenberger, RHIA, CHPS, MPA, PMP