ABSTRACT
This chapter explores information security risk management concepts and issues associated with the use of health information for Health information exchanges, regional health information organizations, and personal health record. The typical practitioner for a single healthcare enterprise makes risk management choices by considering the costs and benefits of various choices available to him or her. Managing the risk of inappropriate protected health information (PHI) disclosure in an health information networks (HIN) will have to be done in a way that will satisfy each of the parties involved. Data integrity and availability also take on new levels of risk in an HIN. Data come from more sources, are available to more users, and provide more functionality than data in a single institution. Many HINs include among their services the idea of maintaining comprehensive longitudinal health records of individuals’ health information.
