Framework of security policies necessary for compliance

A thorough HIPAA security risk analysis, risk management are the critical components of HIPAA compliance

  • Risk Analysis Policy
    The purpose is to conduct an accurate and thorough assessment of the risks and vulnerabilities to the confidentiality, integrity, and availability of sensitive information held by the organization.
  • Risk Management Policy
    The purpose is implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with impacted regulations.

Source :
http://www.phyllispatrick.com/wp-content/uploads/Checklist-HIPAA-HITECH-MU-Policies-2014A.pdf