====== Risk Assessments, Risk Management, Auditing, and Evaluation ======

==== University of Colorado Denver HIPPA Policy ====

The most secure SEHD data are subject to the [[http://www.ucdenver.edu/research/Research Administration Documents/9.3 Auditing.pdf|UCD Audiiting HIPPA policy]]. The policy states

> UCD shall assess potential risks and vulnerabilities by reviewing information system activity, and developing, implementing, and maintaining appropriate administrative, physical, and technical security measures in order to detect and minimize security violations involving ePHI. These protective measures give UCD the ability to identify unauthorized data access activities, assess security safeguards, and respond to potential weaknesses.