The HIPAA Security Rule requires covered entities and business associates to ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) that it creates, receives, maintains or transmits. Despite the long-standing HIPAA requirement, OCR investigations frequently find that organizations lack sufficient understanding of where all of the ePHI entrusted to their care is located. Although the Security Rule does not require it, creating and maintaining an up-to-date information technology (IT) asset inventory could be a useful tool. To read about how and why an IT asset inventory could be useful, click here.
News & Insights
Making a List and Checking it Twice: HIPAA and IT Asset Inventories
September 09, 2020