Security Risk Analysis

Protecting Patient Health Information with Security Risk Analysis (SRA)

For the 2017 calendar year, the U.S. Department of Health and Human Services received reports of 359 unique breaches of unsecured protected health information (PHI). These breaches led to 4,977,655 individuals having their personal information exposed. Hacking/IT incidents were still the largest threat to patient information being disclosed to unauthorized entities. U.S. Department of Health and Human Services, February 26, 2018. (Retrieved from

What is Security Risk Analysis and why is it important?

Security Risk Analysis is the first step in the process of protecting electronic protected health information (ePHI) from reasonably anticipated threats and vulnerabilities.

Using ePHI is necessary to perform medical care, but if the information falls into the wrong hands, it can be very damaging to the affected patients and to the organization responsible for the breach.

Patients can be victimized by fraud, identity theft, loss of privacy, or improper modification of their medical records.

Health care organizations may be subject to financial penalties, lost revenue, bad publicity, and legal action. Losing access to health information or having the data corrupted can also seriously impede an organization’s ability to provide care.

Securing patient information is necessary to ensure that adequate medical care can be provided, and to protect the reputation and financial stability of the health care organization.

Security Risk Analysis is one of many requirements mandated by the HIPAA Security Rule. It is also a requirement of MIPS and Promoting Interoperability/Meaningful Use. Beyond these requirements, strengthening the security of your information systems is an investment in your organization and your patients.

Contact M-CEITA today to learn more about how we can help you take this critical step toward effectively securing ePHI in your organization.


Click on an icon below to find out more about how M-CEITA can help your organization secure patient information and meet the security requirements of MIPS, Promoting Interoperability/Meaningful Use, and HIPAA.

