The OCR recently published its Summer 2020 Cybersecurity Newsletter, and the focus of this issue is identifying potential risks and vulnerabilities to ePHI data. In addition to stressing the importance of conducting a risk analysis, the OCR suggests that creating and regularly updating an IT asset inventory is critical for organizations to understand the location of their ePHI data and to improve their compliance with the HIPAA Security Rule.

In the newsletter, OCR recommends that an IT asset inventory include:

  • Physical computer hardware such as servers, routers, firewalls, workstations, removable media, and mobile devices
  • Software to include anti-malware tools, operating systems, databases, email, administrative and financial records systems, and electronic medical/health record systems
  • Data assets that include ePHI that the organization creates receives, maintains, or transmits on its network, electronic devices, and media.

To read the Summer 2020 OCR Cybersecurity Newsletter please click here.

Orrios’ OnTrack compliance management platform is designed to meet the requirements of a variety of standards, frameworks, and regulations critical to demonstrating your security and privacy posture ? including HIPAA. For more information, contact Maureen Kelly at or 407-378-7233.