Since the inception of the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations have been challenged to protect patient data and comply with regulations while supporting other business initiatives.
Most organizations lack a risk methodology capable of producing an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of Protected Health Information (PHI). Information security is only one piece of the puzzle; the goal is to consider the business implications of security issues, creating a holistic approach that provides actionable results for the business beyond the security and IT departments.
This white paper highlights:
- A robust risk assessment methodology is an important part of reducing risk and achieving compliance;
- Several risk methodologies are considered best practice, but not all are a good fit for every organization;
- Factors outside of information security need to be included in risk methodologies.