Of the 980 problems identified during the 115 HIPAA audits about a third were because health care organizations were unaware of certain regulations that applied to them.
"It appeared that some organizations wrote their data privacy and security policies only after being targeted for an audit. ."The analysis also found that 47 of the 61 audited health care providers had not completed a full and accurate risk assessment to identify potential data problems.
- Linda Sanchez, Senior OCR Advisor
The required risk assessment includes ensuring that health workers only have access to data required for their job. There are now low-cost on-demand SaaS analytics services to detect user access exceptions and create complete reports for the attestation process.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Some Organizations Unaware of Health Data Privacy, Security Rules - www.iHealthBeat.org, 04/25/2013