CMS’ 2008 audits revealed six areas where covered entities (CE) struggle to comply with the HIPAA Security Rule:
- Risk assessment
- Currency of policies and procedures
- Security training
- Workforce clearance
- Workstation security
CMS’ audit report also detailed corrective actions organizations took to resolve problems. OCR now has responsibility for enforcing the Security Rule.
Check out these PDFs for the full CMS report.