Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a "covered entity" and "business associate" is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e- PHI security and privacy is fundamental and paramount.
Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim on goal.
Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a "covered entity" and "business associate" is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e- PHI security and privacy is fundamental and paramount.
Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim on goal.