Missing the HIPAA Target – Part 2

In my previous blog, I stressed compliance is not about being an expert on HIPAA regulations, but being risk management proficient ― the ability to identify vulnerabilities and threats facing your organization, and to take steps to eliminate, minimize or manage them.  I usually refer to the next step as "ownership", but I’m not really a fan of the term.  A common synonym is "possession".  You can own something, but it doesn’t mean you are committed to taking care of it or ensuring a positive ou ...