1670.040 Responsibility for Conducting Risk Assessments for Electronic Protected Health Information


Florida International University departments and units that create, maintain or transmit electronic protected health information shall perform an accurate and thorough risk assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information maintained or transmitted through them. 

This risk assessment shall be updated periodically and shall demonstrate, at a minimum, the level of risk associated with each potential vulnerability exploitation; steps to be taken to reduce the risk of vulnerability exploitation; and process for maintaining no more than the acceptable level of risk.

Published on 2009-08-31

Administrative Oversight & Contact Information

IT Security Office

Helvetiella Longoria

Interim Chief Info Sec Offic

11200 S.W. 8th Street PC 245 Miami FL 33199
  • Phone: 305-348-3591

Related Subjects