What is the difference between Risk Analysis and Risk Management in the HIPAA Security Rule?

Answer:

Risk analysis is the assessment of the risks and vulnerabilities that could negatively impact the confidentiality, integrity, and availability of the electronic protected health information (EPHI) held by a covered entity, and the likelihood of occurrence.

The risk analysis may include an inventory of all systems and applications that are used to access and house data, classified by level of risk. A thorough and accurate risk analysis would consider all relevant losses that would be expected if the security measures were not in place, including loss or damage of data, corrupted data systems, and the anticipated ramifications of such losses or damage.

Risk management is the actual implementation of security measures to sufficiently reduce an organization's risk of losing or compromising its EPHI and to meet the general security standards.


Copyright © 2007-09 Supremus Group LLC