Interested in more HIPAA Compliance statistics? Check out our HIPAA Guide in the link below.
2019 Risk Management Trends
HIPAA SNAPSHOT: RISK MANAGEMENT IN 2018
We surveyed 294 healthcare professionals responsible for HIPAA compliance (82 from 2018 and 212 in 2017) about their risk management processes, focusing on their risk analysis and risk management plan efforts. This infographic is an analysis of their collected responses.
- 29% of organizations have conducted a risk analysis.
- 18% of organizations conduct a risk analysis at least annually.
- 17% of organizations have a risk management in place.
- 11% of organizations review their risk management plan at least annually.
Organizations Conduct a Formal Risk Analysis
PRO TIP: Organizations need to conduct a formal risk analysis in order to know how to prepare for and protect against cyber-attacks.
- 46% No
- 25% Don’t know
- 29% Yes
- 26% No
- 29% Don’t know
- 45% Yes
How Often Organizations Conduct a Risk Analysis
PRO TIP: HIPAA requires organizations to regularly conduct a risk analysis (e.g., annually).
- 49% Never
- 24% Don’t know
- 9% Every other year
- 17% Annually
- 1% Semi-annually
- 19% Never
- 30% Don’t know
- 3% Every other year
- 39% Annually
- 9% Semi-annually
Organizations Have a Formal Risk Management Plan
PRO TIP: HIPAA requires organizations to create a risk management plan annually.
- 51% No
- 32% Don’t know
- 17% Yes
- 21% No
- 35% Don’t know
- 44% Yes
How Often Organizations Review Their Risk Management Plan
PRO TIP: Organizations need to regularly review their risk management plan (e.g., monthly). Consider setting a monthly calendar reminder to review your risk management plan.
- 58% Never
- 31% Don’t know
- 10% Annually
- 0% Semi-annually
- 0% Quarterly
- 1% Monthly
- 15% Never
- 30% Don’t know
- 34% Annually
- 4% Semi-annually
- 10% Quarterly
- 7% Monthly
- 77% increase in organizations that don’t conduct a risk analysis
- 63% decrease in organizations that conduct a risk analysis at least annually
- 143% increase in organizations that don’t have a risk management plan in place
- 287% increase in organizations that never review their risk management plan