Chapter 8

Information Risk Planning and Management

Information risk planning is a key Information Governance (IG) program activity. In healthcare organizations, risk analysis is a HIPAA regulatory obligation as part of the administrative safeguard requirement. 1

According to the Health and Human Services website, “Risk analysis should be an ongoing process, in which a covered entity [healthcare provider, plan, or clearinghouse] regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.” 2

Often organizations have identified risks to information but have not taken the appropriate risk ...
