HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends

Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write:

Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often find that organizations “lack sufficient understanding” of where all of their ePHI is located, and while the creation of an IT asset inventory list is not required under the HIPAA Security Rule, it could be helpful in the development of a risk analysis, and in turn and implementing appropriate safeguards – which are HIPAA Security Rule requirements.

Government will 'robustly defend' compensation claims from Afghans put at risk by data breach
Authorities released free decryptor for Phobos and 8base ransomware
Singapore Facing ‘Serious’ Cyberattack by Espionage Group With Alleged China Ties
Missouri Adopts New Data Breach Notice Law
Qantas obtains injunction to prevent hacked data’s release
Ransomware attack disrupts Korea's largest guarantee insurer

Related: