Risk: Lack of documentation to mitigate threats and vulnerabilities.
Explanation: Not having a formal, documented program, which is always secondary to thorough risk analysis, might be the reason why you’re not able to implement effective safeguards to protect your ePHI against possible vulnerabilities and security threats. This may compromise your ePHI security in several ways:
- You may face medical identity theft due to unauthorized access, theft or disclosure of ePHI.
- Unauthorized access to your practice’s ePHI may leave it inaccessible, compromised and exposed.
- The ability of healthcare professionals to correctly diagnose and treat the patients may be severely compromised due to the corruption of your practice’s ePHI.
Mitigation: Conduct an annual risk analysis and document all possible threats and vulnerabilities to your practice’s ePHI. Based on the documented risks and vulnerabilities, implement appropriate security measures specifically targeted to mitigate the vulnerabilities to an appropriate level!
Success Criteria: Documentation of possible risks and implementation of safeguards leading to reduction in security breaches.