Identify the Risk Groups and Safeguard PHI
Sensitive information, such as protected health information (PHI) and personally identifiable information (PII), is a critical asset within a health care organization. Identifying the risk groups helps clarify operational context and reveals potential vulnerabilities across the IT infrastructure. Doing so establishes clear priorities for security investments, so that the most critical security challenges are addressed first.
- Do databases contain PHI and PII? If so, identify the database tables, columns or fields.
- Is there sensitive data in file shares? If so, identify the folders and files.
- Is there high-risk data on clinical workstations or laptops? If so, identify those devices.
Conduct a risk assessment, including a technical vulnerability assessment, and remediate any issues it identifies.