Office for Civil Rights Recommends IT Asset Inventory
The National Law Review
In its Summer 2020 Cybersecurity Newsletter, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) expressed a concern that organizations lacked sufficient understanding as to the location of their electronic protected health information (ePHI). Although not required by the Security Rule, OCR now recommends that an organization develop an information technology (IT) asset inventory to assist in developing a comprehensive, enterprise-wide risk analysis.
OCR recommends that the IT asset inventory include a listing of an organization’s IT assets, the version of the assets, person accountable for the assets and location of the assets. When creating an IT asset inventory, OCR recommends that organizations include:...