1670.040 Responsibility for Conducting Risk Assessments for Electronic Protected Health Information
Florida International University departments and units that create, maintain or transmit electronic protected health information shall perform an accurate and thorough risk assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information maintained or transmitted through them.
This risk assessment shall be updated periodically and shall demonstrate, at a minimum, the level of risk associated with each potential vulnerability exploitation; steps to be taken to reduce the risk of vulnerability exploitation; and process for maintaining no more than the acceptable level of risk.
Published on 2009-08-31
Administrative Oversight & Contact Information
Interim Chief Info Sec Offic
- Phone: 305-348-3591