It is time to review your policy and procedure manual for HIPAA. Some practices put the manual together and let it sit.  Don’t do that!! You need to review it each year, log the date and initial it. The policy doesn’t change but the actions in your office change. For example, do you have the same Chief Security Officer? Are you using the same software? One of the biggest changes is the change in your backup procedures. Are you still backing up to tape or are you using a cloud appliance that backs up off-site? All of these things need to be verified each year and the checklists need to be maintained.

Review Your Policy And Procedure Manual

At anytime, you can update or change your policy and procedure manual. You can add items, subtract things and change any necessary names on the policy. Employees change, work procedures change and policies change. Sometimes you may need to add a policy. For example, you may want to add a cell phone policy. If you no longer use a fax machine, you can change that policy all together.  I wouldn’t delete or shred the policy, I would update it to whatever it is. For example: we no long fax through a fax machine. See policy – Electronic Faxing. You never want to delete any processes because they can always be changed.

If You Don’t Have A Policy And Procedure Manual

If for some reason you don’t have a HIPAA policy and procedure manual, it is not too late to put one together. In addition to the manual, it is a good idea to accompany it with a check list for the procedural policies. Do not confuse the policy and procedure manual with the employee manual. They are two different things. The dress code has nothing to do with HIPAA policies and procedures.

Remember…every year to review your policy and procedure manual. It will save you a lot of stress in the long run.