In my experience, most organizations in the health-care industry?both covered entities and business associates?have taken the steps to put policies, business processes, and training programs in place to help ensure compliance with the HIPAA Security Rule. Still, there's a gaping hole in many healthcare compliance and security programs: a lack of technical security testing of Web applications, mobile applications, and network systems.
Albert Einstein once said "The difference between stupidity and genius is that genius has its limits." To paraphrase Einstein, the difference between security and compliance is that compliance has its limits. With each high-profile breach that makes headlines, organizations likely question the link between compliance and security, wondering whether the two are one and the same.
While it can be challenging to define your organization's legal health record (LHR), one health system in Denver is proving that collaboration and perseverance can lead to an effective LHR and EHR.
