This week is National Health IT Week (#NHITWeek), but I think it might be better to call it National Health IT Infographic week. I’m not complaining. I love a good infographic. For example, I posted the Rise of the Digital Patient Infographic and the Healthcare IT Leadership Infographic – A 25 Year History already this week. I figured I might as well round out the week and post an infographic on EMR and HIPAA as well. Coalfire sent me the following infographic looking at HIPAA audits. I don’t think most people realize the HIPAA audits that are coming. HIPAA audits have had a slow start, but I think the momentum is growing. If you’re an organization that ever touches healthcare data, you better be ready. Enjoy the HIPAA audit infographic below.
5 Elements of an Effective HIPAA Audit Program Infographic
Quite frankly, if you are only concerned about ePHI, you are missing the boat.
As much as we’d like to think that offices having gone “electronic” means they are paperless…they are not.
I have yet to audit an office that is paperless…not one.
Until paper is gone from an office, the focus needs to be securing PHI overall, not just “e”.
Remember that box of paperwork found in Cali last year?
Fines are the same whether the PHI is “e” or other.
I agree, and if we look at the NIST 800-53 version 4 guidance on risk analysis (the foundation for this five-step process) it says to list “personally identifiable information” in the Privacy Family of controls. Not just EPHI. Then we link that back to 45 CFR 164.306(a)(3) where it requires that the security controls include those measures that would support the prevention of Privacy Rule violations (that’s the Subpart E quote). So I agree, if the risk analysis does not include things beyond EPHI, like paper, it can’t possibly make the integration between privacy and security desired by the federal government.