News and Views
Media Coverage

HIPAA Physical Security May Be Ripe for Audit despite Fewer Cases

The Report on Medicare Compliance

Ransomware may grab the headlines in the HIPAA security world, but covered entities also should be sensitive to physical security vulnerabilities and relevant requirements in the HIPAA Security Rule.


Hospitals are also vulnerable because of the paper they still have lying around and the continued use of fax machines that are unencrypted, said attorney Sharon Klein, with Blank Rome in Irvine, California. Suppose an unauthorized person gains access by tailgating their way through the front door or steals an access card. They may be able to get their hands on protected health information, she said.

“You walk into institutions and there’s paper everywhere and there’s fax machines that are unencrypted,” Klein said. The HIPAA headlines are about digital failures and hacks, but “most hospitals can’t get rid of paper. The boxes of paper should be shredded.”

To read the full article, please click here.

"HIPAA Physical Security May Be Ripe for Audit despite Fewer Cases," by Nina Youngstrom was published in The Report on Medicare Compliance (Volume 32, Number 35) on October 2, 2023.