The Health Insurance Portability and Accountability (HIPAA) regulation impacts health care organizations that exchange and store patient information. HIPAA regulations were established to protect the integrity of patient information and compliance is intended to secure health information against unauthorized use, theft or disclosure of the information.
As part of the requirements, HIPAA states that a security management process must exist in order to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations”. Further an organization must be able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive patient information.
Gartner analysis of data from the U.S. Centers for Medicare and Medicaid Services’ (CMS’s) Office for Civil Rights (OCR) shows that almost two-thirds of organizations regulated by HIPAA do not have complete or accurate risk assessment capabilities.
Download Solution Brief