Corrective Action Obligations. The Covered Entity agrees to the following: A. Security Management Process 1. Within one year following the Effective Date the Covered Entity shall conduct a comprehensive, organizational-wide risk analysis of the ePHI security risks and vulnerabilities that incorporates all of the Covered Entity’s electronic media and systems. 2. The Covered Entity shall develop a risk management plan to address and mitigate any security risks and vulnerabilities following the risk analysis specified in paragraph
Appears in 2 contracts
Sources: Resolution Agreement, Resolution Agreement