Undocumented policies and procedures are among the top five stumbling blocks to HIPAA compliance that Chris Apgar, CISSP, finds when he audits healthcare organizations.
Q A fax containing PHI is sent to an incorrect fax number. Did the covered entity (CE) or business associate (BA) violate HIPAA? Must the patient disclosure accounting record include this incident?