The Security Risk Analysis is to provide a detailed understanding of the organization's risks to Confidentiality, Integrity, and Availability of e-PHI. The Security Risk Analysis is to include:
Vulnerability
Threats
Risks
Elements of a Risk Analysis
Scope of the Analysis
Data Collection
Identification and Documentation of Potential Threats and Vulnerabilities
Assessment of Current Security Measures
Likelihood of Threat Occurrence
Potential Impact of Threat Occurrence
Level of Risks
Final Documentation
Periodic Review and Updates to the Risk Assessment
45 CFR § 164.308 - Administrative safeguards.
コメント