© Eric C. Thompson 2017

Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_3

3. Selecting Security Measures

Eric C. Thompson

(1) Lisle, Illinois, USA

The risk assessment process requires management to select security measures designed to reduce risks to an acceptable level and protect ePHI, in accordance with the HIPAA Security Rule. No specific measures are prescribed by HHS or the OCR. Rather, it is up to the entity to define the measures that meet those objectives. Successful identification and implementation of security controls requires entities to consider the following:

  • Based on risk tolerance, determine the level of risk reduction required.

  • Based on the risk level, identify new, or ...
