{"id":11670,"date":"2022-01-03T12:34:07","date_gmt":"2022-01-03T17:34:07","guid":{"rendered":"https:\/\/www.med.unc.edu\/it\/?p=11670"},"modified":"2022-01-03T12:42:20","modified_gmt":"2022-01-03T17:42:20","slug":"hipaa-security-rule-risk-assessment","status":"publish","type":"post","link":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","title":{"rendered":"HIPAA Security Rule Risk Assessment"},"content":{"rendered":"

\"HIPAA<\/p>\n

The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for UNC-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk.<\/p>\n

The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security risk analysis. This analysis should be an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by UNC-CH School of Medicine. A HIPAA Security Rule risk assessment was conducted in 2018 and remediation efforts are ongoing.<\/p>\n","protected":false},"excerpt":{"rendered":"

The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for UNC-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk. The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security … Read more<\/a><\/p>\n","protected":false},"author":25369,"featured_media":11671,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"layout":"","cellInformation":"","apiCallInformation":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[41],"tags":[],"class_list":["post-11670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pmo-success-stories","odd"],"acf":[],"yoast_head":"\nHIPAA Security Rule Risk Assessment | Information Technology<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HIPAA Security Rule Risk Assessment | Information Technology\" \/>\n<meta property=\"og:description\" content=\"The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for UNC-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk. The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security … Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\" \/>\n<meta property=\"og:site_name\" content=\"Information Technology\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-03T17:34:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-03T17:42:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"737\" \/>\n\t<meta property=\"og:image:height\" content=\"306\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Amy Cole\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amy Cole\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\"},\"author\":{\"name\":\"Amy Cole\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69\"},\"headline\":\"HIPAA Security Rule Risk Assessment\",\"datePublished\":\"2022-01-03T17:34:07+00:00\",\"dateModified\":\"2022-01-03T17:42:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\"},\"wordCount\":109,\"publisher\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"articleSection\":[\"PMO Success Stories\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\",\"url\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\",\"name\":\"HIPAA Security Rule Risk Assessment | Information Technology\",\"isPartOf\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"datePublished\":\"2022-01-03T17:34:07+00:00\",\"dateModified\":\"2022-01-03T17:42:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage\",\"url\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"contentUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg\",\"width\":737,\"height\":306,\"caption\":\"HIPAA logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.med.unc.edu\/it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HIPAA Security Rule Risk Assessment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#website\",\"url\":\"https:\/\/www.med.unc.edu\/it\/\",\"name\":\"School of Medicine IT\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.med.unc.edu\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#organization\",\"name\":\"UNC School of Medicine Information Technology\",\"url\":\"https:\/\/www.med.unc.edu\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png\",\"contentUrl\":\"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png\",\"width\":1217,\"height\":151,\"caption\":\"UNC School of Medicine Information Technology\"},\"image\":{\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69\",\"name\":\"Amy Cole\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/568a02f067be82562ed6e077b71e271d429b03d88e61efa871d58cdba12b2a75?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/568a02f067be82562ed6e077b71e271d429b03d88e61efa871d58cdba12b2a75?s=96&d=mm&r=g\",\"caption\":\"Amy Cole\"},\"description\":\"CENTER FOR GLOBAL INITIATIVES\",\"url\":\"https:\/\/www.med.unc.edu\/it\/author\/coleac\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HIPAA Security Rule Risk Assessment | Information Technology","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","og_locale":"en_US","og_type":"article","og_title":"HIPAA Security Rule Risk Assessment | Information Technology","og_description":"The purpose of this security risk analysis was to re-evaluate the effectiveness of the security controls for UNC-CH School of Medicine systems that contain both sensitive and e-PHI data and recommend corrective actions to reduce the overall risk. The HIPAA Security Rule \u201cRisk Analysis\u201d standard \u00a7 164.308(a)(1)(ii)(A) requires a periodic review and updates to security … Read more","og_url":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","og_site_name":"Information Technology","article_published_time":"2022-01-03T17:34:07+00:00","article_modified_time":"2022-01-03T17:42:20+00:00","og_image":[{"width":737,"height":306,"url":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","type":"image\/jpeg"}],"author":"Amy Cole","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Amy Cole","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#article","isPartOf":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/"},"author":{"name":"Amy Cole","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69"},"headline":"HIPAA Security Rule Risk Assessment","datePublished":"2022-01-03T17:34:07+00:00","dateModified":"2022-01-03T17:42:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/"},"wordCount":109,"publisher":{"@id":"https:\/\/www.med.unc.edu\/it\/#organization"},"image":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","articleSection":["PMO Success Stories"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","url":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/","name":"HIPAA Security Rule Risk Assessment | Information Technology","isPartOf":{"@id":"https:\/\/www.med.unc.edu\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage"},"image":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","datePublished":"2022-01-03T17:34:07+00:00","dateModified":"2022-01-03T17:42:20+00:00","breadcrumb":{"@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#primaryimage","url":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","contentUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","width":737,"height":306,"caption":"HIPAA logo"},{"@type":"BreadcrumbList","@id":"https:\/\/www.med.unc.edu\/it\/hipaa-security-rule-risk-assessment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.med.unc.edu\/it\/"},{"@type":"ListItem","position":2,"name":"HIPAA Security Rule Risk Assessment"}]},{"@type":"WebSite","@id":"https:\/\/www.med.unc.edu\/it\/#website","url":"https:\/\/www.med.unc.edu\/it\/","name":"School of Medicine IT","description":"","publisher":{"@id":"https:\/\/www.med.unc.edu\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.med.unc.edu\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.med.unc.edu\/it\/#organization","name":"UNC School of Medicine Information Technology","url":"https:\/\/www.med.unc.edu\/it\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png","contentUrl":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2019\/03\/InformationTechnology_logo_rgb_h.png","width":1217,"height":151,"caption":"UNC School of Medicine Information Technology"},"image":{"@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/2b2510220d98cb21b846151631ef4b69","name":"Amy Cole","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.med.unc.edu\/it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/568a02f067be82562ed6e077b71e271d429b03d88e61efa871d58cdba12b2a75?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/568a02f067be82562ed6e077b71e271d429b03d88e61efa871d58cdba12b2a75?s=96&d=mm&r=g","caption":"Amy Cole"},"description":"CENTER FOR GLOBAL INITIATIVES","url":"https:\/\/www.med.unc.edu\/it\/author\/coleac\/"}]}},"featured_image":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","featured_image_medium":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry-300x125.jpg","featured_image_medium_large":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","featured_image_large":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry.jpg","featured_image_thumbnail":"https:\/\/www.med.unc.edu\/it\/wp-content\/uploads\/sites\/477\/2022\/01\/HIPAA-industry-150x150.jpg","featured_image_alt":"HIPAA logo","category_details":[{"name":"PMO Success Stories","link":"https:\/\/www.med.unc.edu\/it\/category\/pmo-success-stories\/"}],"tag_details":[],"_links_to":[],"_links_to_target":[],"_links":{"self":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/posts\/11670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/users\/25369"}],"replies":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/comments?post=11670"}],"version-history":[{"count":0,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/posts\/11670\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/media\/11671"}],"wp:attachment":[{"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/media?parent=11670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/categories?post=11670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.med.unc.edu\/it\/wp-json\/wp\/v2\/tags?post=11670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}