Documenting all instances of ePHI, everywhere it is in use, in motion and at rest, is the one risk assessment and analysis activity that elicits the most fear and anxiety. It’s been touched on before, but it is worth repeating. Cybersecurity and compliance professionals develop anxiety about attaching their names to an activity that they feel will fall short. It’s a fear of being held accountable for every crazy thing end users do with patient data. If a breach occurs owing to misuse of data unknown to the entity, and that risk scenario is not documented ...
© Eric C. Thompson 2017
Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_4
4. Inventory Your ePHI
Eric C. Thompson1
(1)Lisle, Illinois, USA
Get Building a HIPAA-Compliant Cybersecurity Program: Using NIST 800-30 and CSF to Secure Protected Health Information now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
