You hear it over and over again. Covered Entity (CE) A failed to produce an ongoing risk assessment for HIPAA security compliance. CE B had an incomplete risk analysis, leading to a failure to recognize security weaknesses and vulnerabilities. And in come the fines.
The HIPAA Security Rule preamble reinforces training "criticality" and restates the standard, "We require training of the workforce as reasonable and appropriate to carry out their functions in the facility." Security training is essential.
Healthcare-associated infections (HAI) rack up millions of dollars in healthcare costs each year. HAIs are not only costly, but increase LOS and are often a source of preventable readmissions.
