If healthcare organizations take a lesson from Blue Cross Blue Shield of Tennessee's (BCBST) $1.5 million settlement for its 2009 HIPAA breach, it's that they should wake up and pay attention to where their ePHI is contained and stored, says Ali Pabrai, MSEE, CISSP, CSCS.
With 20 initial "trial" audits completed, OCR expects to move forward with another 95 audits to measure HIPAA compliance before year's end, said Susan McAndrew, JD, OCR's deputy director for health information privacy. This represents a reduction in the number of audits (150) that were originally planned for 2012.
Sure, you understand the value of investing in improvements that will better protect your organization's PHI. But do the senior leaders who actually hold the purse strings get it?