States Privacy News

HIPAA Events

calendar

Events Webinars Training

The covered entity self-reported as required to OCR that a computing device had been stolen from a workforce member's car. The device contained ePHI. The investigation found that the entity did not have adequate risk analysis and risk management processes in place when the incident occurred. Among other violations, the audit found that HIPAA policies and procedures were still in draft form. | Read the Press Release