...

A risk assessment will be performed every two years year with coordination of the NCSA Security Office and the NCSA HIPAA Liaison. Exceptions to this include (i) substantial infrastructure/environment changes that would require a new impact analysis and (ii) a security incident that warrants reevaluation of risks.

...

  1. A risk assessment is performed.
  2. Findings are submitted to the NCSA Security Office within 30 days, and the Security Office forwards them to the HIPAA Liaison.
  3. The NCSA Security Office works with the project(s) to remediate vulnerabilities and mitigate risks within 90 days of finishing the assessment. If this is not possible for all risks, an exemption must be requested in writing to the Security Office and HIPAA Liaison.
  4. Remediation activities are documented in a remediation plan.
  5. The remediation plan is sent to the Security Office, which sends it to the HIPAA Liaison.

Privacy

All data from the risk assessment is kept confidential and not shared without written approval from the NCSA Security Office and HIPAA Liaison.

Consequences

Violations can result in disciplinary action as described in the University of Illinois HIPAA policies.