Security Risk Analyses Can Offer Significant Findings by Wes Morris

ONE OF THE critical information governance (IG) functions is successful execution of an organization’s privacy and security responsibilities. Chief among these responsibilities is to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). This assessment is a foundation upon which other security processes will depend. Poor or non-existent risk analysis processes have been a finding in 89 percent of settlement agreements and civil money penalties imposed by the US Department of Health and Human Services’ Office for Civil Rights (OCR). In 2018 alone, the cost was over $24 million for organizations that failed to implement effective risk analysis or risk management processes.

Newsletter

Sign up for our monthly newsletter discussing hot topics and access to invaluable resources.


Related Blogs

Connect
With Us