Why, how, and when to conduct an information security risk analysis
An article in HCCA Compliance Today
Under the Health Insurance Portability and Accountability Act (HIPAA), all electronic protected health information (e-PHI) created, received, maintained, or transmit- ted by a “covered entity” is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e-PHI security and privacy is fundamental and paramount.