One of the critical information governance (IG) functions is the successful execution of an organization’s privacy and security responsibilities. Chief among these responsibilities is to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). This assessment is the foundation on which other security processes depend. Poor or non-existent risk analysis processes have been a finding in 89 percent of settlement agreements and civil money penalties imposed by the US Department of Health and Human Services’ Office for Civil Rights (OCR). In 2018 alone, the cost was over $24 million for organizations that failed to implement effective risk analysis or risk management processes.