Protection of HIS requires management of potential risk through ______.

Protecting a health information system hinges on creating a secure operating environment where data can be stored, processed, and shared safely. Managing potential risk means building and maintaining a robust infrastructure—the hardware, software, networks, databases, endpoints, and the security controls that tie them together. This infrastructure provides the practical foundation to enforce access controls, ensure data integrity, protect confidentiality, and maintain availability, including secure configurations, patch management, monitoring, and disaster recovery. Without a solid infrastructure, even strong policies or encryption lose their effectiveness because there’s no dependable environment to implement them. Encryption is an important protective measure, but it’s one piece of the broader infrastructure; governance and policies guide what should be done, but the actual risk management happens through the secure, resilient infrastructure that makes protections possible.