A risk assessment is a critical element of an effective risk management process - and it is also required for healthcare entities under the HIPAA Security Rule. Done right, a healthcare risk assessment helps covered entities and their business associates perform their mission and protect health information assets.
But how do you know if you are getting the most out of your risk assessments? Are they truly driving strategy and influencing security spending? Or are they mere compliance exercises that fail to address your organization's true security needs?
The Healthcare Questionnaire: Assessing Risk was a quick survey conducted in mid-2012 and aimed at helping healthcare organizations benchmark themselves through self-assessment. Among the key findings:
- Nearly 40% of healthcare leaders say their organization has not conducted a risk assessment in the past year.
- When conducting a risk assessment, 63% of healthcare leaders find that complexities of laws, both state and federal, create challenges.
- 88% of those surveyed report making long-term changes in IT solutions as a result of risk assessments.
To see the full results and see how healthcare organizations can leverage risk assessments to influence priorities and spending, download this report: Unlocking The Hidden Value of Risk Assessments