4-What must you include in your SRA documentation?

HIPAA Covered Entities and Business Associates must include in their SRA documentation possible threats and vulnerabilities which they will assign impact and likelihood ratings to. This allows them to determine severity. They must develop corrective action plans as needed to mitigate identified security deficiencies according to which threats and vulnerabilities are most severe. NEXT >