OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis
The Office for Civil Rights recently shared a detailed list of IT asset inventory steps, which can help covered entities and their business associates better fulfill the HIPAA Security Rule requirement of performing a complete risk analysis of all electronic protected health information (ePHI).
Under HIPAA, covered entities and business associates are required to conduct a risk analysis of all potential risks and vulnerabilities to the confidentiality, integrity, and availability of its ePHI. However, multiple OCR investigations have revealed organizations often fail to perform this valuable assessment and many do not fully understand where its ePHI is located within thein network.
This often leads to...