The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for UNC-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk.
The HIPAA Security Rule “Risk Analysis” standard § 164.308(a)(1)(ii)(A) requires a periodic review and updates to security risk analysis. This analysis should be an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by UNC-CH School of Medicine. A HIPAA Security Rule risk assessment was conducted in 2018 and remediation efforts are ongoing.