Common use of Security Management Process Clause in Contracts

Security Management Process. 1. Skagit County shall conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered health care components of Skagit County as identified in its hybrid entity documentation approved by HHS. Skagit County shall implement security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level. 2. Within 120 days of HHS’s approval of its hybrid entity documentation under section V.C., above, Skagit County shall provide its risk analysis and description of risk management measures (including implementation dates for such measures) to HHS for review and approval. Upon receiving any recommended changes to the risk analysis and description of risk management measures from HHS, Skagit County shall have 60 days to revise the risk analysis and description of risk management measures, and provide the revisions to HHS for review and approval.