HIPAA HITECH Breach Prevention on Hold, Breach Notification in Force, Does this Make Sense?
In a personal record third blog of the day I want to point out that apparently OCR is more interested in breach notification than breach prevention. When told that enforcement will be delayed most business associate and many covered entities stopped or slowed down the efforts that could prevent breaches. Putting in place good policies, procedures, and forms. Appointing a privacy and securty officer, training their staff. These are pretty much on hold in many organizations yet if they have a breach of more than 500 records they are put in the equivalent of a pillory on the OCR website.
I think the priorities should be reversed. Give a signal today that everyone needs to start, today, working on breach prevention. With modern tools getting compliant is within reach for even the smallest company at prices they can afford, but most will resist until they get clear signals from the government and their business partners.
Let's get started.
Subscribe via RSSCategories
- HIPAA HITECH Act
- HIPAA Covered Entity
- HIPAA Business Associates
- Health Information Privacy
- HIPAA Compliance Online Software
- HIPAA Compliant Checklist
Recent Blog Posts
- Business Associates Need HIPAA HITECH Compliant Policies and Procedures, Now/1
- Minnesota Attorney General Sues Business Associate for HIPAA HITECH Data Breach
- HIPAA HITECH Data Breach Costs Small Business Associate $300,000
- HIPAA HITECH Rules De Facto Standard?
- HIPAA HITECH Data Breach: $1000 Per Patient?
- Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule
- more from the blog
