[ Friday, May 27, 2011 ]
An interesting blog post
about OCR's investigative response to a small medical practice that suffered a laptop theft. I'm not particularly surprised by what they're asking for. But what it should highlight is that if you haven't done a Security Risk Analysis (you were required to do it in 2003 and "periodically" update it), you're going to have a hard time explaining that failure if you suffer a breach.
Jeff [11:52 AM]
Blogger: HIPAA Blog - Edit your Template