The security of PHI is no longer the exclusive domain of covered entities (CE).
Undocumented policies and procedures are among the top five stumbling blocks to HIPAA compliance that Chris Apgar, CISSP, finds when he audits healthcare organizations.
Could a data breach be life-threatening?
Q A fax containing PHI is sent to an incorrect fax number. Did the covered entity (CE) or business associate (BA) violate HIPAA? Must the patient disclosure accounting record include this incident?