
HIPAA violation examples: The five most common mistakes


ePHI: Healthcare risk management and risk analysis mistakes

Visual Editor: Sarah Evans

According to the Office for Civil Rights (OCR), "organizations frequently underestimate the proliferation of ePHI within their environments," which often leaves them noncompliant with HIPAA. Consider the many clinical, billing and administrative applications in use across a single hospital, plus the growing use of mobile devices and BYOD: ePHI ends up in far more places than an inventory built from memory would suggest. OCR has said that, to be HIPAA compliant and maintain an effective healthcare risk management process, an organization must identify all of the ePHI it creates, maintains, receives or transmits.

Furthermore, OCR investigations revealed that, in several instances, an organization was breached through a risk that its own risk analysis had already identified but that the organization then failed to remediate. A risk analysis that is filed away without a corresponding risk management plan offers no protection.

The National Institute of Standards and Technology (NIST) Risk Management Framework (SP 800-37) defines six steps that map well onto a healthcare risk management process:

  • Categorize information systems
  • Select security controls
  • Implement security controls
  • Assess security controls
  • Authorize information systems
  • Monitor security controls