10.4 TYPES OF RISK

There are, for the most part, three types of risks to consider when approaching HIPAA: mission risks, asset risks, and security risks. Mission risks involve risks that affect one's ability to get tasks or jobs done. Asset risks are the risks associated with the destruction of tangible assets, e.g. systems, medical record databases, buildings , and medical treatment systems, to name a few. Security risks are risks associated with access control and intangible assets. When unauthorized people obtain access to data they do not need to know, there exists the possibility to create intangible damage that may have the affect of crippling data or even people-either physically, professionally, personally , or emotionally. A patient's professional or personal reputation is an intangible asset. A patient's medical history is an intangible asset. A hospital's professional reputation is an intangible asset. A doctor's professional reputation is an intangible asset. Typically, intangible assets become at risk due to unauthorized access of information and facilities such as buildings, systems, networks, storage compartments, and databases. Since intangible assets are exploited primarily as a result of unauthorized access, intangible assets need to be associated with access and access controls.