The news, these days, seem to be riddled with stories of the latest cyber attacks, where millions of records of highly sensitive information has been stolen. This malicious activity has resulted in a multi-billion dollar industry for cyber criminals with catastrophic loss to medical practices in reputation and fines.
More than 700,000 hospitals, emergency medical clinics, dental offices, nursing homes and other health-related entities are required by law to have a specialized IT risk assessment performed to satisfy the requirements of HIPAA – The Health Insurance Portability and Accountability Act.
Leon Rodriguez, former director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, was responsible for enforcing HIPAA and HITECH. When asked where do organizations suffer the most audit failures, Rodriguez commented in the “Failure to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis.”