It’s easy to see how these situations occur. An IT person may have made the change at the request of an administrator, but unless one of them updates the policy, it will be incorrect and you can be fined for that. In other cases, for HIPAA compliance, for example, perhaps policies were obtained by one vendor and another vendor handles the risk assessment. If those policies don’t get properly implemented, in coordination with your other vendors, then you’re violating basic cybersecurity principles and you’re not HIPAA compliant.
If you want to work with a leading end-to-end HIPAA compliance company, please call us, we are happy to be of service.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.