Risk Management

From Clinfowiki

Risk management is the act of implementing security safeguards and controls. It also entails monitoring for changes and responding with enhanced strategies.

The HIPAA Security Rule addresses the ongoing management of risks in several areas:

  • §164.306(e), which requires organizations to ensure the following: “Security measures implemented to comply with standards and implementation specifications adopted...must be reviewed and modified as needed to continue provision of reasonable and appropriate protection of electronic protected health information.”
  • §164.308(a)(1)(ii)(D), Information system activity review, which requires organizations to “implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.”
  • §164.308(a)(8), Evaluation, which requires organizations to “perform a periodic technical and nontechnical evaluation, based initially upon the standards and implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information that establishes the extent to which an entity’s security policies and procedures meet the requirements of this subpart.”

The success of a risk management process depends heavily on the commitment of those involved with safeguarding an application or system. These individuals must implement the approved control recommendations. Therefore, it is strongly suggested that some type of follow-up be scheduled approximately two to three months after the final risk analysis report is delivered and signed. The purpose of the follow-up is to verify progress on risk reduction and to maintain open communications when obstacles are encountered. [1]


  1. Kuhn AM, Youngberg BJ. The need for risk management to evolve to assure a culture of safety. Qual Saf Health Care 2002;11:158-162. doi:10.1136/qhc.11.2.158. Retrieved from http://qualitysafety.bmj.com/content/11/2/158.short