Educause Security Discussion mailing list archives

Implementing risk analysis process to meet HIPAA security requirements

From: David Grisham <DGrisham () SALUD UNM EDU>
Date: Mon, 12 Jan 2004 15:23:06 -0700

I would appreciate anyone who has already implemented a university wide
or
health science center level risk analysis process at their institution
to
send any observations about implementing the process.  A fairly
straightforward web form can be put into place.
Where I anticipate the problems are in the education of the owners of
Electronic Protected Health Information (EPHI) and the integration of
the
process throughout the IT enterprise.
I will summarize all replies.
Cheers. --grish
David D. Grisham, Ph.D., CISM
Adjunct Faculty, Computer Science Department, UNM
Information Security Manager,
UNM Hospitals, Ph: (505) 272-5657 FAX 272-3305
1650 University Blvd, suite 500 Albuquerque, NM 87102
e-mail business: dgrisham () salud unm edu
other personal or academic: dave () unm edu


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Implementing risk analysis process to meet HIPAA security requirements David Grisham (Jan 12)
- <Possible follow-ups>
- Re: Implementing risk analysis process to meet HIPAA security requirements Craig Blaha (Jan 13)
- Re: Implementing risk analysis process to meet HIPAA security requirements Gordon D. Wishon (Jan 13)