9 gray areas of HIPAA that should not be ignored
Under the HIPAA security rule, all covered entities must comply with a core set of required standards to secure protected health information. However, covered entities also must conduct a security risk assessment to determine if they need to add additional safeguards and justify through documentation why or why not such safeguards are necessary. This leads to gray areas as entities seek to determine if additional attention should be given to potential remaining vulnerabilities. Scrypt, a vendor of medical imaging, security communications and business operations software and services, lists nine gray areas that organizations should examine and to determine whether they are required or addressable.