Compliance is an Ongoing Process

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued its first settlement under new OCR Director Jocelyn Samuels earlier this month. This latest settlement serves as a reminder that a successful privacy and security compliance program is an ongoing process. Samuels’ statements underscore the importance of monitoring information systems and conducting compliance audits. Samuels calls for entities to “review[] systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.” When it comes to data security, all organizations—from big box retailers to small start-up companies, from large health systems to small provider groups—need to continuously assess risks and vulnerabilities to their data and develop a plan for reducing the risk of a data breach.