During the risk analysis and assessment process, risks specific to the entity’s governance, processes, and capabilities were documented. Risks associated with engaging a third-party service provider and risks due to the use of social media were discovered and added during the testing phase. These risks range in severity from low to very high, based on the likelihood and impact to the confidentiality, integrity, and availability of ePHI if an adversary exploits one of them. Selecting security measures as a means of risk reduction or mitigation ...
© Eric C. Thompson 2017
Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_16
16. Risk Treatment and Management
Eric C. Thompson (Lisle, Illinois, USA)