More than 700,000 hospitals, emergency medical clinics, dental offices, nursing homes and other health-related entities are required by law to have a specialized IT risk assessment performed to satisfy the requirements of HIPAA, the Health Insurance Portability and Accountability Act.
So, too, are an estimated 2 million other companies that do business with these entities, including IT service providers, shredding companies, document storage companies, attorneys, accountants, collections agencies, and many others. Many of these companies and organizations are not even aware of this legal requirement!
Leon Rodriguez, former director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, was responsible for enforcing HIPAA and HITECH. When asked where organizations suffer the most audit failures, Rodriguez pointed to the “failure to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis.”