UNIVERSITY OF MAINE SYSTEM HIPAA GENERAL OPERATING POLICY #42 DOCUMENTATION
I. Policy Statement
It is the policy of the University of Maine System(“UMS”) to maintain policies, procedures and other documentation regarding the privacy and security of health information as required by HIPAA and its implementing privacy and security regulations.
II. Policy Purpose
The purpose of this policy is to assure that the UMS maintains its policies, procedures and other documentation regarding the privacy and security of health information as required by HIPAA and its implementing privacy and security regulations.
III. Policy Standards
All policies and procedures required by HIPAA and its implementing privacy and security regulations shall be maintained in written and/or electronic form. If the regulations require that a communication be in writing, the UMS shall maintain such writing, or an electronic copy, as documentation. If the regulations require that an action, activity or designation be documented, the UMS shall maintain a written or electronic record of such action, activity or designation.
The UMS shall maintain all of the documentation required above for a period of six years from the date it was created or the date when it last went into effect, whichever is later.
The above represents a general statement of UMS operating policy. For further details on this statement, see 45 CFR 164.530.
Revised 05-06-05