To make a simplistic medical analogy, a security risk analysis is like the examination and testing you do to assess clinical risk and diagnose a condition. Just as you use a diagnosis and other clinical data to plan treatment, you will use the risk analysis to create an action plan to make your practice better at protecting patient information. Further, privacy and security are like chronic diseases that require treatment, ongoing monitoring and evaluation, and periodic adjustment.
A security risk analysis is a systematic and ongoing process of both:
• Identifying and examining potential threats and vulnerabilities to protected health information in your medical practice.
• Implementing changes to make patient health information more secure than at present, then monitoring results (i.e., risk management).