"Health care organizations are challenged to protect patient data and comply with regulations governing health care entities. Having well-documented policies and controls, along with expert recommendations, are in an important part of reducing risk and achieving compliance with the Health Insurance Portability and Accountability Act (HIPAA).
Areas that are frequently found to be deficient during HIPAA compliance reviews include annual and ongoing risk assessments, undocumented policies and controls and unwritten processes or procedures."