Before today, how would you describe your knowledge about the HIPAA audits?

Answer	Total %
I feel pretty knowledgeable	8%
Somewhat knowledgeable	35%
A little knowledgeable	36%
Not knowledgeable at all	21%

---

How well-prepared do you feel if your practice was audited?

Answer	Total %
Very prepared	4%
Fairly well - prepared	40%
Not very prepared	41%
Not prepared at all	16%

---

What security assessment audit tool have you used?

Answer	Total %
Government tool discussed	2%
One that came with our manual	18%
Proprietary assessment tool	4%
We have not yet conducted an audit	73%
Other	4%

An unencrypted USB drive has ended up costing one dermatology practice $150K in fines. The device, containing ePHI relating to Mohs surgery on approximately 2,200 patients, was stolen from a staff member’s car on September 14, 2011. The drive was never recovered. The practice notified patients of the breach within 30 days of its discovery, and also notified the media, which is required by the Breach Notification Rule. However, upon investigation, the Office of Civil Rights concluded that the practice was non-compliant in three areas: Read More...