Systemwide Coordination of UC Health Affiliate Security Risk Assessment

Rebecca Nguyen / Linda Janiszewski
-
Proctor

The UC Health locations are forging partnerships with community hospitals and physician practices to host their respective Electronic Medical Record (EMR) systems. Because these partnerships, often referred to as Community Connect Partners, will have access to UC’s systems containing ePHI, a UC Health sponsored due diligence Security Risk Assessment (SRA) is required to inform the location of potential security weaknesses and risks before implementation.  The UC Health sponsored SRA is a standard component of the Community Connect Partners master services agreement, or contract, and this process will ensure UC Health locations consistently approach risk management with these partners.  The Cyber-Risk Coordination Center (C3) coordinates this effort across UC Health. This presentation will provide an overview of the coordination activities including coordination with UC Health locations for a statement of work with the vendor, tracking the SRA work, tracking progress of remediation activities, and coordination of on-going annual re-assessments.