The purpose of the Risk Management Update Policy Program is:
- To establish our commitment to maintain a program that is updated based on current risks;
- To establish guidelines that will prompt a revision and update of the risk management plan based on changing variables;
- To ensure the security of the information and the systems managed by the organization.
Procedure: It is everyone’s responsibility to recognize the variables that shall require an update of the Risk Management Plan and to cooperate as needed to ensure the same is completed in a timely manner.
- The risk management plan shall be updated annually as part of our HIPAA Security actions.
- The risk management plan shall be updated whenever any of the following conditions occur:
- Risk assessment is completed;
- Significant change in the organization’s system or technology;
- Introduction or change of electronic medical records, billing manager or similar system;
- Introduction or change of system that requires patient information;
- Introduction or change of storage components (server, cloud or virtual servers);
- Replacement of computer systems or organization’s network;
- Unauthorized release of patient information;
- Audit identifying corrective actions.
