How to Conduct a Bona Fide HIPAA Security Risk Analysis
January 13, 2014
The phrases "risk analysis" and "risk assessment" are becoming commonplace. They're appearing in RFPs, blogospheres, webinars and advertisements by newly announced, self-proclaimed experts, and anyone dealing with electronic Protected Health Information (ePHI) must do one! Unfortunately, in many cases the meaning of these phrases is poorly communicated and confusing. You first need to understand what your risk is in order to conduct a risk analysis.
Amid the healthcare market's increasing demand for privacy and security, the state of information risk management is a mess! This problem comes about for many reasons including, but not limited to, the following:
- There is little agreement on standard terminology, approach and tools.
- Key risk-related terms such as assets, threats, vulnerabilities, controls, likelihood and impact are misused and sometimes used interchangeably!
- Many "experts" don't understand basic risk fundamentals.
- Most individuals do not understand that you simply can't observe risk and that risk is a derived value.
- You cannot begin to conduct a bona fide risk analysis if you don't understand what risk is and what risk is not.
In this webinar, we will separate fact from fiction and help attendees understand what information risk really means and how to conduct a bona fide HIPAA risk analysis.
Click here to view the bio of Bob Chaput