The paper provides supporting work for the risk management plan as well as the counterarguments to it. In the end, the conclusion establishes the need for a risk management plan.

The rights of people seeking health care have been the subject of much debate over the past decades. One of the rights of patients is to access their health information and to modify it if it is deemed to have any discrepancy. Several pieces of legislation have been passed to grant patients their due rights and to protect their medical information and health records from abuse. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by President Clinton. The Act has two aspects: it provides confidentiality for patients' records and prevents fraud and abuse, and it makes sure that insurance and health care are portable.

Health information refers to information, whether stored in any form or oral, that is given to a health care provider and is related to the past, present and future state of health of an individual. The Privacy rules and the Act regulate what information regarding the health of an individual can be used and disclosed. This information is known as protected health information (PHI), and organizations that are required to conform to the Privacy rules are called covered entities. The Designated Record Set (DRS) refers to the group of health records maintained by covered entities, including the medical and billing information of patients, enrollment, claims adjudication, as well as the medical record management systems used for health plans. It is used for making decisions about individuals. All hospitals, clinics and other healthcare providers are required to comply with HIPAA. Failing to do so can have dire consequences for the individuals involved.