Information security in general practice

Prevention and risk assessment

Last revised: 21 Apr 2023

Prevention and risk assessment

Clinical and business information system risk assessments should be performed frequently and documented each time.

A structured risk assessment requires you to:

  • record the assets in your practice (an asset register] can be used to document your hardware, software and any other information systems)
  • perform a threat analysis
  • perform a measurement and analysis of your information security controls

Topics in this module:

Hidden risks