In addition, the OCR said the healthcare organization failed to meet HIPAA criteria on risk analysis and as part of the settlement, they must also perform an organization-wide risk analysis and submit the analysis and a risk management plan to OCR.
"OCR said [the healthcare organization] failed to meet HIPAA criteria on risk analysis."Healthcare organizations seeking to detect data privacy breaches and identity theft, even if it occurs only once, can utilize identity and access analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.Sources:
(a) Health Care Organizations Report Data Breaches, Settlements - www.iHealthBeat.org, 12/08/2015