Risk Analysis and Management

RiskAnalysis and Management

RiskResponse Planning

Riskresponse planning aims at developing alternatives to minimize thethreats and optimize on opportunities. In the case of electronichealth records, the major threat is breach of privacy. Electronichealth records (EHR) face the risk of getting to the wrong hands.Usually, these records should only be accessed by authorized healthworkers. However, without a reliable security system, the records maybe hacked by cyber criminals or rather accessed by unauthorizedpersons. HIPPA emphasizes on patients’ privacy hence, the need forrisk response planning to minimize the breach of security. Inaddition, the information of patients should be stored safely toprevent loss of patients’ records (Skolnik, 2011).

Thefollowing are the steps that should be in risk response planning tominimize loss of data and cyber attacks:

  • Prevent inappropriate or unauthorized access- To minimize or prevent unauthorized access, the IT experts should issue unique and stronger user names and passwords to the authorized users.

  • Use of encryption technology- The electronic health records should use encryption technology to protect the records of patients from being accessed by unauthorized people when it is transmitted or stored in electronic devices. Encrypting puts the information of patients in coded form such that it can only be read by people who have the key. This technology is an effective method of ensuring that cyber criminals have minimal access of the health records.

  • Back the system up- In the event of unexpected incident, the patients’ records should be backed up. This keeps the needed information in safely whenever an incident like cyber attack takes place.

  • Use of antivirus- The devices storing the information of patients should be regularly updated to prevent loss of data.

RiskMonitoring and Controlling

Riskmonitoring and controlling refers to the process that keeps the trackof the risks identified, assessing the effectiveness of riskresponses, and identifying new risks. As such, there should be aneffective reporting mechanism to ensure that all risks are covered inreviews. In order to comply with HIPPA, the management shouldcontinue to review, correct, and update the protection of thesecurity (Skolnik, 2011).

Thefollowing are steps necessary in risk monitoring and control:

  • Evaluation of EHR implementation facility- This entails evaluating the readiness for the changes.

  • Evaluation of the supporting tools and strategies for the overall project.

  • Continual risk assessment of the electronic health records.

  • Continue assessment of the efficacy of the safeguards put in place to ensure minimal security breaches.

  • Implementation of a process for viewing and administering electronic health records.

  • Continual training of employees to ensure that they appropriately use and protect the electronic health records.

  • Implementation of a system for reporting security breaches to enhance the effective use of electronic health records.

  • Auditing of the electronic health records operations.

Otherimportant factors that are considered in risk monitoring and controlinclude:

  • The employees who should and should not access the electronic health records.

  • The level of employees’ access to information.

  • Ensuring that back up facilities are put in place.

  • Training employees to identify cases of information breaches or alterations in the electronic health records.

Riskmonitoring and control ensures that the measures of enhancing thesecurity of EHR are met accordingly. Patient’s information isprivate and confidential. Therefore, there is great need tocontinually monitor the use of EHR and comply with HIPPA (Skolnik,2011).


Skolnik,N. S. (2011). Electronicmedical records: A practical guide for primary care.New York: Humana.

Related Posts

© All Right Reserved