HIPAA TIPS: Implementing a Security Management Process – Part 2

Tech Tips > HIPAA IT Security > HIPAA TIPS: Implementing a Security Management Process – Part 2

HIPAA TIPS: Implementing a Security Management Process – Part 2

Healthcare IT Services iconDocument Your Process, Findings, and Actions

The HIPAA Security Rule requires you to document your risk analysis and HIPAA-related policies, procedures, reports, and activities. Also, if you are attesting for Meaningful Use, you are required to retain all records that support attestation.

Review Existing Security of ePHI (Perform Security Risk Analysis)

In the risk analysis process, you assess potential threats and vulnerabilities to the confidentiality, integrity, and availability of ePHI. The findings inform your risk mitigation strategy. A professional can plan and implement your risk analysis, but you will need to oversee the process. See the SRA Tool for guidance.

Develop an Action Plan

Using the results from your risk analysis, discuss and develop an action plan. Learn more in Chapter 6 of the Guide [PDF – 569 KB].

Source: HealthIT.gov

Leave A Comment

All fields marked with an asterisk (*) are required