Common violations include lost or stolen unencrypted devices, weak or shared passwords, sending patient data to the wrong recipient, missing business associate agreements, and skipping a current risk assessment. Many are not malicious but result from systems that were never configured with safeguards in mind. Strong technical controls prevent a large share of these.


Leave A Comment