
Approaching Risk Assessments

a. A privacy risk assessment is a tool used to assess the impact and risks to the privacy of personally identifiable information (PII) stored, used and exchanged by information systems.

b. Risk analysis involves conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of personally identifiable information held by the organization.

c. The risk analysis process usually involves: reviewing existing policies, identifying any issues or holes, assessing the likelihood of a breach, developing ways to mitigate risks, and monitoring the results of the assessment and plan development. This is how I envision approaching risk assessments.

d. For example, health care providers are required to conduct risk assessments under HIPAA and attest to meaningful use criteria of EHR systems under HITECH. These providers must also provide documentation of this process if audited by DHHS.