ShareHIPAA · Share HIPAA
CMS FAQ #112 What are examples of some threats CE should address in
Message #287 of 641

The following answer has been forwarded from CMS Support Central.

You can view this answer at

http://questions.cms.hhs.gov/cgi-bin/cmshhs.cfg/php/enduser/std_adp.php?p_faqid=4738&p_created=1115242493

 

Other CMS provided Frequently Asked Questions (FAQ) can be found at http://www.cms.hhs.gov/hipaa/hipaa2/default.asp
Select "Frequently Asked Questions" from the "General Information" menu.

Regards,
Share HIPAA

 

Summary
---------------------------------------------------------------
Question

What are some examples of threats that covered entities should address when conducting their risk analysis in order to comply with the Security Rule?

 

Answer
The risk analysis process will identify potential security risks to electronic protected health information (EPHI), also called threats. The threats a covered entity decides to address will depend on which threats would affect the confidentiality, integrity, and/or availability of electronic PHI. Threats may affect information (data) and systems.

The National Institute for Standards and Technology (NIST) provides information security guidance materials for federal agencies. Some NIST documents may not be relevant to small organizations, as they are intended more for large, governmental organizations. One such document, Special Publication (SP) 800-30, Risk Management Guide for Information Technology Systems, categorizes threats into three common categories: Human, Natural, and Environmental. The list below is adapted from this NIST SP and is not comprehensive, but rather a sampling of possible threat categories and associated threats.

1. Natural: Floods, earthquakes, tornadoes, landslides, avalanches, electrical storms, and other such events.
2. Human: Events that are either enabled by or caused by human beings, such as unintentional acts (inadvertent data entry) or deliberate actions (network based attacks, malicious software upload, unauthorized access to confidential information).
3. Environmental: Long-term power failure, pollution, chemicals, and liquid leakage.

An example of a natural threat is the occurrence of a hurricane. Depending on the geographic location of the entity, the likelihood of that occurrence could be low, medium, or high, and one of the risks of the occurrence may be that the power could fail and the information systems could be unavailable. Based on the assessment conducted, the organization should develop a strategy to deal with the potential threat.



Tue May 10, 2005 5:39 pm

sharehipaa