Undocumented policies and procedures are among the top five stumbling blocks to HIPAA compliance that Chris Apgar, CISSP, finds when he audits healthcare organizations.
Q A fax containing PHI is sent to an incorrect fax number. Did the covered entity (CE) or business associate (BA) violate HIPAA? Must the patient disclosure accounting record include this incident?
Breaches are expensive, and the price tag increases when preparation and formal documentation are lacking. Identity Theft Guard Solutions, LLC, in Portland, OR, doing business as ID Experts, has introduced a do-it-yourself breach assessment, monitoring, and investigation tool called RADAR™ that helps reduce costs associated with lack of preparation, breach investigation, notification, and documentation.