After the HIPAA law was updated in 2013 (the HIPAA Omnibus Rule), with a new enforcement deadline coming up on September 23, 2013, some organizations still aren’t HIPAA compliant! With over 22,000,000 disclosures of Protected Health Information already recorded, what are the five most common reasons why your organization isn’t compliant?
– maybe you were too busy, or maybe you weren’t sure what a risk analysis really is. A HIPAA Risk Analysis, (
Many information security managers think that “IT people always know best”, and as far as HIPAA goes, that’s not correct. HIPAA rules need to be followed by the medical staff, by the medical records people, by the human resources department, and by everyone who handles or accesses PHI (protected health information). And the Risk Analysis has to reflect input from all these different roles.
after the HIPAA Risk Analysis was completed. The HIPAA Security controls should have been implemented together with the Risk Analysis, not added completely independently of it. The Risk Analysis should be a road map, not a boring report that ends up locked in a file cabinet somewhere.
In a recent HIPAA Risk Analysis, the individuals surveyed said they had received a few hours of HIPAA training when they joined the company, but nothing since. The next question was how long they had been with the organization; they said, and yet they had never had, or even had access to, a security awareness program.