Skip to main content
MRO’s Anthony Murray, CISSP, Vice President of Information Technology, offers insight on risk analysis.

Completing a risk analysis can be a tall order for most organizations. A significant amount of work is required before the risk analysis can even be started—and more work must be done afterward to address the vulnerabilities identified by the risk analysis.

Although the same requirements apply to all entities covered by HIPAA, whether they’re covered entities (CE) or business associates (BA), multistate health systems or new health IT startups, the type and structure of the organization will influence how the risk analysis plays out. A smaller organization might have fewer data assets but could also have fewer staff available to conduct the risk analysis. Or, a BA might work with multiple CEs, each with different processes and
expectations for the risk analysis.

A thorough, compliant risk analysis is a cornerstone of a sound security program. Although the scope of a risk analysis might appear daunting, security officers can turn to HIPAA’s guidance to structure preparation, execution, and follow-up.

Anthony Murray

In his role as Chief Interoperability Officer, Murray oversees MRO’s strategic initiatives related to accelerating clinical data exchange. In addition to overseeing the clinical data exchange team, Anthony also is responsible for the interoperability, systems integrations, and security teams, to utilize advanced technologies to deliver secure, meaningful information exchange. Anthony, as a Certified Information Systems Security Professional (CISSP), serves as the company’s Information Systems Security Officer (ISSO) and is positioned to provide common oversight of the security of MRO’s clinical data exchange. He partners closely with MRO’s privacy, compliance and innovation thought leaders, to assess all areas of the clinical data exchange and to provide value through modern, secure technologies. Anthony has over 20 years of experience in technology and security supporting the healthcare industry vertical, including release of information, clinical manufacturing and pharmaceuticals.

More Posts