This entry is part 18 of 59 in the series Complete Guide to HIPAA Security Final Rule

(ii) Implementation specifications:

 (B) Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a).

Tell Me More:

The Risk Management implementation specification requires covered entities to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

Security professionals generally define risk management as a process for identifying, selecting, and implementing controls, countermeasures, reporting, and verification to achieve an appropriate level of risk at an acceptable cost. Effective risk management requires leadership and accountability—without these key individual attributes, a risk management exercise is generally doomed.

Someone must be accountable and have the ability to make complex and often difficult decisions. This individual will ultimately determine what level of threat and risk is appropriate and acceptable. This individual is also generally able to allocate resources for achieving the target levels.

Risk Management requires covered entities to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

A complete set of HIPAA Security Policies and Procedures may be purchased here.


Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.
 