Chapter 8

Information Risk Planning and Management

Information risk planning is a key Information Governance (IG) program activity. In healthcare organizations, risk analysis is a HIPAA regulatory obligation as part of the administrative safeguard requirement. 1

According to the Health and Human Services website, “Risk analysis should be an ongoing process, in which a covered entity [healthcare provider, plan, or clearinghouse] regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.” 2

Often organizations have identified risks to information but have not taken the appropriate risk ...
