Archer Risk Assessment Process

Archer Risk Assessment Overview

To analyze potential risks and vulnerabilities to the confidentiality, integrity, or availability of electronic Protected Health Information (ePHI) throughout Emory, all systems that create, receive, maintain, or transmit ePHI must go through, at a minimum, an annual HIPAA Security Assessment.

As part of our annual HIPAA Security Assessment process, all assets that create, receive, maintain, and/or transmit ePHI are inventoried using our standard ePHI Inventory Template. Any workstation, server, application, facility, network device, infrastructure device, and/or mobile device that is considered in scope for HIPAA will be evaluated and assessed.

What is ePHI?

Protected Health Information (PHI) is any information, whether oral or recorded in any form or medium, that:

  1. Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse; and
  2. Relates to:
    • Past, present, or future physical or mental health or conditions of an individual
    • The provision of health care to the individual
    • Past, present, or future payment for the provision of health care
  3. And can be used to reasonably identify an individual