Top 10 Myths of Information Security Risk Assessment

Wipfli Risk Advisory and Forensic Services Manager Rick Ensenbach presented recently at a Vital Education Series event on the importance of healthcare security.

In a discussion geared towards healthcare professionals and business associates, Ensenbach dove into the world of healthcare security – the threats, the regulations, and the risks of not proactively crafting a security policy intended to keep patients’ lives and records safe.


He also presented the top 10 myths of security risk assessment:

  1. Security risk assessment is optional for small providers.
  2. Installing a certified EHR fulfills my security risk analysis Meaningful Use requirement.
  3. My EHR vendor will take care of everything I need to do for security and privacy.
  4. I have to outsource the security risk assessment. (Note: Expert knowledge may be needed to stand up to an audit.)
  5. A checklist will suffice for risk assessment.
  6. There is a specific risk assessment method that I must follow.
  7. My security risk analysis only needs to look at my EHR.
  8. I only need to do a risk assessment once.
  9. Before I attest for an EHR incentive program, I must fully mitigate all risks.
  10. Each year I have to completely redo my security risk assessment.

Are you a healthcare professional or an associate with healthcare clients? To learn more about healthcare security, contact Jon Heyesen, Director of Business Development, at 218.720.4435.