Incorporating Risk Analysis Into Your HIPAA Strategy


Edward Zacharias said that a major HIPAA data security compliance trend for healthcare organizations is to be proactive rather than reactive in identifying data security threats. “What happens when an organization has one of these breaches, the enforcement authorities come in and, typically, the penalty isn’t in response to the breach itself, it’s more so the underlying actions (or lack thereof) that created the conditions for the breach to occur,” he explained. Mr. Zacharias urged “a risk analysis of all the places that sensitive information comes in and out of the organization and address the security risks.”