Although most HIPAA compliance training underscores that the e-mailing of ePHI that has not been encrypted is a violation of the HIPAA security rule, most training materials that I have come across do not go far enough in emphasizing the importance of encrypting ePHI that is at rest not only on laptops, but on desktops and servers as well. Unfortunately, as an office in San Antonio just learned…
The PHI·Gard Blog
Thoughts on HIPAA/HITECH and Healthcare Data Security
HIPAA/HITECH Compliance Audits Are Here – Do you know where your e-mail has been?

HIPAA Audits Begin
Although the importance of maintaining an “audit-proof” posture when it comes to compliance in general is nothing new at larger healthcare organizations and public companies, it is clear that many small- to mid-sized covered entities have adopted a less conservative approach to HIPAA compliance. Within the latter, compliance is often unofficially seen as a matter of forma…