Why covered entities need, and how to do, a personal data inventory, Part 1

7 minute read

Part 2 of this article series details personal data inventory, defines terms like “asset” and “data map” in detail, and provides actionable steps for undertaking these efforts in the healthcare context. But before we get to the how-to guide, the first part of our piece will examine the why behind the exercise.

We know from our experience working with HIPAA-covered providers, plans, and their business associates that they are not in the habit of doing data inventories. This is unusual among data-rich and rule-heavy industries, and healthcare is well behind other sectors in this regard. For those who need convincing or tips for obtaining buy-in from decision-makers, the first part of this piece will examine the commonsense reasons, best practice standards, legal requirements, and practical usefulness driving a data inventory exercise.

This document is only available to members. Please log in or become a member.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field