Description
Annual security risk assessment required under the HIPAA Security Rule. It must identify risks to the confidentiality, integrity, and availability of ePHI.
Requirements
- Identify all ePHI assets
- Assess current security measures
- Identify threats and vulnerabilities
- Determine risk levels
- Document remediation plans
Applicable To
- Healthcare Providers
- Health Plans
- Healthcare Clearinghouses
- Business Associates
Penalty Information
HIPAA violations can result in fines from $100 to $50,000 per violation, up to $1.5 million per year per violation category.