ABSTRACT
Functional Decomposition of the Organization
Organizations have typically approached HIPAA security
readiness by starting with the HIPAA security require-
ments and applying those requirements to their information
technology (IT) departments. By relying solely on this
approach, organizations have failed to recognize that
security is cross-organizational, including business units
and individual users alike. Today’s Internet era is requiring
ever more information sharing, further blurring the bound-
aries of internal access and external access. How then do
you break down your organization to ensure you have
adequately addressed all the areas of your organization
concerning HIPAA security readiness?