Risk Analysis

Why, how, and when to conduct an information security risk analysis

Why, how, and when to conduct an information security risk analysis

Why, how, and when to conduct an information security risk analysis
An article in HCCA Compliance Today

Under the Health Insurance Portability and Accountability Act (HIPAA), all electronic protected health information (e-PHI) created, received, maintained, or transmit- ted by a “covered entity” is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e-PHI security and privacy is fundamental and paramount.