ONE OF THE critical information governance (IG) functions is successful execution of an organization’s privacy and security responsibilities. Chief among these responsibilities is to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). This assessment is a foundation upon which other security processes will depend. Poor or non-existent risk analysis processes have been a finding in 89 percent of settlement agreements and civil money penalties imposed by the US Department of Health and Human Services’ Office for Civil Rights (OCR). In 2018 alone, the cost was over $24 million for organizations that failed to implement effective risk analysis or risk management processes.
The need for robust cybersecurity legislation has never been more urgent. The Cybersecurity and Resiliency Act (HCCRA) of 2024 is a proposed bipartisan bill aimed at enhancing cybersecurity resilience across the health care sector.
