“Patient revenue trumps privacy and risk management,” according to the sponsor of a new study that gives healthcare organizations failing grades for not adequately protecting patients’ PHI.
It appears OCR and state attorneys general will be taking a more serious approach to enforcing HIPAA and HITECH. It’s essential that covered entities (CE) and business associates (BA) who haven’t begun a security compliance review do so. This is a requirement of the HIPAA Security Rule evaluation standard.