Under the HIPAA Security Rule, covered entities must implement safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. To this end, the HIPAA Security Rule requires covered entities to perform a security risk analysis (also known as security risk assessment), which the Security Rule defines as an “accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.” Scans known as vulnerability scans may be performed to identify known vulnerabilities in applications, networks, and firewalls.
Vulnerabilities are weaknesses which, if triggered or exploited by a threat, create a risk of improper access to or disclosure of ePHI. Vulnerability scans are scans designed to identify vulnerabilities, or weaknesses, that have the potential to cause a security incident.
[…]
This is an excerpt of a previously published article.