“I don’t do risk assessments; I assess risk,” said Sharon Finney, corporate data security officer at Adventist Health System, speaking Thursday at the Healthcare IT News/HIMSS Media Privacy & Security Forum in Boston. There’s a difference. One happens on a daily basis. The other might happen a time or two each each year. A risk assessment, said Finney, sounds like something that “has a beginning and an end, and it doesn’t.”
As announced in Healthcare IT News, repercussions for ignoring HIPAA are becoming more and more visible, and will only continue. As we reported a few months ago, small and independent practitioners offices are the more frequently fined healthcare operations.