Steven Marco , President of Modern Compliance Solutions, has a passion for IS Security and over 18 years as a leader in executing various regulatory compliance mandates and Health IT. A CISA since 1999, he helped pioneer Internet Security Services and manage risk for numerous Fortune 500 companies while at Deloitte & Touche. At Resources Global Professionals, he led IT through their Sarbanes Oxley 404 audit and successful IPO in 2002. He currently drives risk management services through data security and regulatory compliance consulting, while developing industry-leading compliance automation software called HIPAA One. Steve holds a Bachelor’s Degree from Ryerson University in Computer Information Systems Management and Corporate Law.
Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim on goal.
Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a "covered entity" and "business associate" is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e- PHI security and privacy is fundamental and paramount.
Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim on goal.
Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a "covered entity" and "business associate" is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e- PHI security and privacy is fundamental and paramount.