© Eric C. Thompson 2017

Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_16

16. Risk Treatment and Management

Eric C. Thompson

(1) Lisle, Illinois, USA

During the risk analysis and assessment process, risks specific to the entity’s governance, processes, and capabilities were documented. Risks associated with engaging a third-party service provider and risks due to the use of social media were discovered and added during the testing phase. These risks range in severity from low to very high, based on the likelihood and impact to the confidentiality, integrity, and availability of ePHI if an adversary exploits one of them. Selecting security measures as a means of risk reduction or mitigation ...
