In order to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted. One requirement of HITECH is that covered entities must complete a risk assessment of their protected health information (PHI). The aim of this assessment is to identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI. A risk management plan can then be put into place to mitigate any identified risks. PHs 6349, “Risk Assessment Process for Electronic Protected Health Information” and 6351, “Risk Management Plan for Electronic Protected Health Information” are both specific to HIPAA and provide direction on how to complete a risk assessment and develop a risk management plan. In this blog post, we will discuss these two documents in more detail.
| Question | Answer |
|---|---|
| Form Name | Form Phs 6349 |
| Form Length | 2 pages |
| Fillable? | No |
| Fillable fields | 0 |
| Avg. time to fill out | 30 sec |
| Other names | ORI, PHS, PRA, phs 6349 |
