NYS Comptroller DiNapoli’s Office released an audit of Roswell Park Cancer Institute’s security for ePHI under the requirements of HITECH. The summary reports:
The institute has taken many steps to safeguard its electronic protected health information (ePHI) and meet security requirements. In addition, auditors found the institute has adequate protection policies in place and a plan to make mandatory notifications when ePHI is lost or stolen. However, auditors identified some improvement opportunities.
You can access the full audit report here (pdf).