3.4 Risk Analysis

As mentioned in the HIPAA security rule, covered entities must evaluate the likelihood and impact of potential risks to the confidentiality of electronic PHI maintained in and transmitted using portable devices.

Policy

It is the policy of Home and Community Options, Inc., to evaluate the likelihood and impact of potential risks at least annually or whenever events require, such as a change in the physical location of the organization or the occurrence of a security breach.

Procedure

The procedure for conducting a risk analysis is contained in appendix B.