One of the three foundational security requirements is availability-the ability to access data when you really need it. Data accessibility is considered sound security practice and is a requirement per the HIPAA Security Rule (45 CFR 164.306[a][1]). If a data storage device fails, you can lose access to your patients' or health plan members' PHI. This could adversely affect patient care and service to health plan members.
HIPAA privacy and security officers often spend a lot of time and effort protecting their healthcare organization from the threat posed to its PHI by outsiders. Most organizations do a pretty good job of recognizing the threats to critical assets from outside their own perimeter. However, they must also not ignore the threat that comes from those inside the organization, said Randall F. Trzeciak, who spoke at the Fifth HIPAA Summit West in September in San Francisco.
The dice were rolled and, surprise, you got a letter in the mail from the OCR. You were selected for a HIPAA compliance audit-one of 150 the OCR will conduct in 2012 via its contractor KPMG, LLP.
