Friday, November 21, 2014

OCR Audits: Don’t Fall Victim To Past Mistakes

From InformationWeek:

OCR Audits: Don’t Fall Victim To Past Mistakes

If you are a healthcare provider you need to take this seriously.  Whether you choose to have your internal IT staff or an outside consultant is up to you.  The first thing you need is a comprehensive risk assessment.  When done properly that will tell you, among many other things, where your Personal Health Information (PHI) is stored.  Once you have done that you can begin securing it.

Remember PHI is much more valuable than SSN's or CC numbers.  Don't fool yourself and think you're too small for a hacker to be interested in.  They may not be interested in you but they are very interested in your patient data.

No comments:

Post a Comment