
HIPAA violation examples: The five most common mistakes


ePHI: Healthcare risk management and risk analysis mistakes

Source:  yogysic/iStock
Visual Editor: Sarah Evans

According to the Office for Civil Rights (OCR), "organizations frequently underestimate the proliferation of ePHI within their environments," which often leaves them noncompliant with HIPAA. Consider the many applications in use within a single hospital, and add to that the growing use of mobile devices and BYOD. OCR said that to be HIPAA compliant and maintain effective healthcare risk management processes, healthcare organizations must identify all of the ePHI created, maintained, received or transmitted by the organization.

Furthermore, OCR investigations revealed that, in several instances, an organization was breached through risks that its own risk analysis had already identified, but on which the organization had failed to act.

The National Institute of Standards and Technology (NIST) suggests six steps for a healthcare risk management process:

  • Categorize information systems
  • Select security controls
  • Implement security controls
  • Assess security controls
  • Authorize information systems
  • Monitor security controls
What healthcare risk management processes does your organization have to remain compliant, even with so much ePHI?