As OCR promises more fines, two CIOs offer tips on risk assessments.

"I don't do risk assessments; I assess risk," said Sharon Finney, corporate data security officer at Adventist Health System, speaking Thursday at the Healthcare IT News/HIMSS Media Privacy & Security Forum in Boston.

There's a difference. One happens on a daily basis. The other might happen a time or two each each year. A risk assessment, said Finney, sounds like something that "has a beginning and an end, and it doesn't."

read more

As OCR promises more fines, two CIOs offer tips on risk assessments.

Read more: As OCR promises more fines two CIOs offer tips on risk assessments