Today most patients’ protected health information is stored electronically, so the risk of a breach of their electronic protected health information is very real. Eligible professionals must conduct or review a security risk analysis for each EHR reporting period to ensure the privacy and security of their patients’ protected health information.