"OCR said [the healthcare organization] failed to meet HIPAA criteria on risk analysis." -iHealheBeat.org
In addition, the OCR said the healthcare organization must also perform an organization-wide risk analysis and submit the analysis and a risk management plan to OCR.
Learn how Veriphyr uses Structural Analytics to detect "impermissible use" of patient data in clinical and business applications by employees, contractors, and third parties.
(a) Health Care Organizations Report Data Breaches, Settlements - www.iHealthBeat.org, 12/08/2015
(b) Thank you to Databreaches.net who was the source for this posting