{"id":11670,"date":"2022-01-03T12:34:07","date_gmt":"2022-01-03T17:34:07","guid":{"rendered":"https:\/\/www.med.unc.edu\/it\/?p=11670"},"modified":"2022-01-03T12:42:20","modified_gmt":"2022-01-03T17:42:20","slug":"hipaa-security-rule-risk-assessment","status":"publish","type":"post","link":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","title":{"rendered":"HIPAA Security Rule Risk Assessment"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\" alt=\"HIPAA logo\" width=\"444\" height=\"221\" class=\"alignnone size-full wp-image-11671\" \/><\/p>\n<p>The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for 黑料网-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk.<\/p>\n<p>The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security risk analysis. This analysis should be an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by 黑料网-CH School of Medicine. A HIPAA Security Rule risk assessment was conducted in 2018 and remediation efforts are ongoing.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for 黑料网-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk. The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security &hellip; <a href=\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\" aria-label=\"Read more about HIPAA Security Rule Risk Assessment\">Read more<\/a><\/p>\n","protected":false},"author":25369,"featured_media":11671,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"layout":"","cellInformation":"","apiCallInformation":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[41],"tags":[],"class_list":["post-11670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pmo-success-stories","odd"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HIPAA Security Rule Risk Assessment | School of Medicine IT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HIPAA Security Rule Risk Assessment | School of Medicine IT\" \/>\n<meta property=\"og:description\" content=\"The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for 黑料网-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk. The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security &hellip; Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\" \/>\n<meta property=\"og:site_name\" content=\"School of Medicine IT\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-03T17:34:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-03T17:42:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"737\" \/>\n\t<meta property=\"og:image:height\" content=\"306\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Amy Cole\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amy Cole\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\"},\"author\":{\"name\":\"Amy Cole\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69\"},\"headline\":\"HIPAA Security Rule Risk Assessment\",\"datePublished\":\"2022-01-03T17:34:07+00:00\",\"dateModified\":\"2022-01-03T17:42:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\"},\"wordCount\":109,\"publisher\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"articleSection\":[\"PMO Success Stories\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\",\"url\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\",\"name\":\"HIPAA Security Rule Risk Assessment | School of Medicine IT\",\"isPartOf\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"datePublished\":\"2022-01-03T17:34:07+00:00\",\"dateModified\":\"2022-01-03T17:42:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\",\"url\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"contentUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"width\":737,\"height\":306,\"caption\":\"HIPAA logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.med.unc.edu\/it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HIPAA Security Rule Risk Assessment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#website\",\"url\":\"https:\/\/www.med.unc.edu\/it\/\",\"name\":\"School of Medicine IT\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.med.unc.edu\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#organization\",\"name\":\"黑料网 Information Technology\",\"url\":\"https:\/\/www.med.unc.edu\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png\",\"contentUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png\",\"width\":1217,\"height\":151,\"caption\":\"黑料网 Information Technology\"},\"image\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69\",\"name\":\"Amy Cole\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5769adc8be13bb52407de2ee05c533df?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5769adc8be13bb52407de2ee05c533df?s=96&d=mm&r=g\",\"caption\":\"Amy Cole\"},\"description\":\"CENTER FOR GLOBAL INITIATIVES\",\"url\":\"https:\/\/www.med.unc.edu\/it\/author\/coleac\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HIPAA Security Rule Risk Assessment | School of Medicine IT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","og_locale":"en_US","og_type":"article","og_title":"HIPAA Security Rule Risk Assessment | School of Medicine IT","og_description":"The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for 黑料网-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk. The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security &hellip; Read more","og_url":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","og_site_name":"School of Medicine IT","article_published_time":"2022-01-03T17:34:07+00:00","article_modified_time":"2022-01-03T17:42:20+00:00","og_image":[{"width":737,"height":306,"url":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","type":"image\/jpeg"}],"author":"Amy Cole","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Amy Cole","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#article","isPartOf":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/"},"author":{"name":"Amy Cole","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69"},"headline":"HIPAA Security Rule Risk Assessment","datePublished":"2022-01-03T17:34:07+00:00","dateModified":"2022-01-03T17:42:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/"},"wordCount":109,"publisher":{"@id":"https:\/\/www.med.unc.edu\/it\/#organization"},"image":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","articleSection":["PMO Success Stories"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","url":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","name":"HIPAA Security Rule Risk Assessment | School of Medicine IT","isPartOf":{"@id":"https:\/\/www.med.unc.edu\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage"},"image":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","datePublished":"2022-01-03T17:34:07+00:00","dateModified":"2022-01-03T17:42:20+00:00","breadcrumb":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage","url":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","contentUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","width":737,"height":306,"caption":"HIPAA logo"},{"@type":"BreadcrumbList","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.med.unc.edu\/it\/"},{"@type":"ListItem","position":2,"name":"HIPAA Security Rule Risk Assessment"}]},{"@type":"WebSite","@id":"https:\/\/www.med.unc.edu\/it\/#website","url":"https:\/\/www.med.unc.edu\/it\/","name":"School of Medicine IT","description":"","publisher":{"@id":"https:\/\/www.med.unc.edu\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.med.unc.edu\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.med.unc.edu\/it\/#organization","name":"黑料网 Information Technology","url":"https:\/\/www.med.unc.edu\/it\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png","contentUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png","width":1217,"height":151,"caption":"黑料网 Information Technology"},"image":{"@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69","name":"Amy Cole","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5769adc8be13bb52407de2ee05c533df?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5769adc8be13bb52407de2ee05c533df?s=96&d=mm&r=g","caption":"Amy Cole"},"description":"CENTER FOR GLOBAL INITIATIVES","url":"https:\/\/www.med.unc.edu\/it\/author\/coleac\/"}]}},"featured_image":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","featured_image_medium":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry-300x125.jpg","featured_image_medium_large":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","featured_image_large":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","featured_image_thumbnail":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry-150x150.jpg","featured_image_alt":"HIPAA logo","category_details":[{"name":"PMO Success Stories","link":"https:\/\/www.med.unc.edu\/it\/category\/pmo-success-stories\/"}],"tag_details":[],"_links_to":[],"_links_to_target":[],"_links":{"self":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/posts\/11670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/users\/25369"}],"replies":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/comments?post=11670"}],"version-history":[{"count":2,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/posts\/11670\/revisions"}],"predecessor-version":[{"id":11673,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/posts\/11670\/revisions\/11673"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/media\/11671"}],"wp:attachment":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/media?parent=11670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/categories?post=11670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/tags?post=11670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}