We surveyed 363 healthcare professionals responsible for HIPAA compliance (69 in 2019, 82 in 2018, and 212 in 2017) about their risk management processes, focusing on their risk analysis and risk management plan efforts. This infographic is an analysis of their collected responses.
2019 Summary
58% of organizations have conducted a risk analysis.
57% of organizations conduct a risk analysis at least annually.
56% of organizations have a risk management plan in place.
60% of organizations review their risk management plan at least annually.
Organizations Conduct a Formal Risk Analysis
PRO TIP: Organizations need to conduct a formal risk analysis in order to know how to prepare for and protect against cyber-attacks.
2019 Data
28% No
14% Don’t know
58% Yes
2018 Data
46% No
25% Don’t know
29% Yes
2017 Data
26% No
29% Don’t know
45% Yes
How Often Organizations Conduct a Risk Analysis
PRO TIP: HIPAA requires organizations to regularly conduct a risk analysis (e.g., annually).
2019 Data
28% Never
14% Don’t know
1% Every other year
52% Annually
5% Semi-annually
2018 Data
49% Never
24% Don’t know
9% Every other year
17% Annually
1% Semi-annually
2017 Data
19% Never
30% Don’t know
3% Every other year
39% Annually
9% Semi-annually
Organizations Have a Formal Risk Management Plan
PRO TIP: HIPAA requires organizations to create a risk management plan annually.
2019 Data
35% No
9% Don’t know
56% Yes
2018 Data
51% No
32% Don’t know
17% Yes
2017 Data
21% No
35% Don’t know
44% Yes
How Often Organizations Review Their Risk Management Plan
PRO TIP: Organizations need to regularly review their risk management plan (e.g., monthly). Consider setting a monthly calendar reminder to review your risk management plan.
2019 Data
38% Never
2% Don’t know
48% Annually
7% Semi-annually
0% Quarterly
5% Monthly
2018 Data
58% Never
31% Don’t know
10% Annually
0% Semi-annually
0% Quarterly
1% Monthly
2017 Data
15% Never
30% Don’t know
34% Annually
4% Semi-annually
10% Quarterly
7% Monthly
HIPAA Takeaways Since 2017
29% increase in organizations that conduct a risk analysis.
19% increase in organizations that conduct a risk analysis at least annually.
27% increase in organizations that have a risk management plan.
9% increase in organizations that review their risk management plan at least annually.
We surveyed 294 healthcare professionals responsible for HIPAA compliance (82 in 2018 and 212 in 2017) about their risk management processes, focusing on their risk analysis and risk management plan efforts. This infographic is an analysis of their collected responses.
2018 Summary
29% of organizations have conducted a risk analysis.
18% of organizations conduct a risk analysis at least annually.
17% of organizations have a risk management plan in place.
11% of organizations review their risk management plan at least annually.
Organizations Conduct a Formal Risk Analysis
PRO TIP: Organizations need to conduct a formal risk analysis in order to know how to prepare for and protect against cyber-attacks.
2018 Data
46% No
25% Don’t know
29% Yes
2017 Data
26% No
29% Don’t know
45% Yes
How Often Organizations Conduct a Risk Analysis
PRO TIP: HIPAA requires organizations to regularly conduct a risk analysis (e.g., annually).
2018 Data
49% Never
24% Don’t know
9% Every other year
17% Annually
1% Semi-annually
2017 Data
19% Never
30% Don’t know
3% Every other year
39% Annually
9% Semi-annually
Organizations Have a Formal Risk Management Plan
PRO TIP: HIPAA requires organizations to create a risk management plan annually.
2018 Data
51% No
32% Don’t know
17% Yes
2017 Data
21% No
35% Don’t know
44% Yes
How Often Organizations Review Their Risk Management Plan
PRO TIP: Organizations need to regularly review their risk management plan (e.g., monthly). Consider setting a monthly calendar reminder to review your risk management plan.
2018 Data
58% Never
31% Don’t know
10% Annually
0% Semi-annually
0% Quarterly
1% Monthly
2017 Data
15% Never
30% Don’t know
34% Annually
4% Semi-annually
10% Quarterly
7% Monthly
Takeaways
77% increase in organizations that don’t conduct a risk analysis
63% decrease in organizations that conduct a risk analysis at least annually
143% increase in organizations that don’t have a risk management plan in place
287% increase in organizations that never review their risk management plan