Which information locations in covered entities under HIPAA must be secured first? A multi-criteria decision-making approach.

Creating adequate safeguards for physical and online locations (e.g., desktop computers, network servers) where protected health information (PHI) may be breached is critical for management within entities compliant with the Health Information Portability and Accountability Act (HIPAA).