UNM Health and Health Sciences (UNMHHS) employs this vulnerability risk assessment to appraise the risk associated with the proposed technology solution and: Evaluate the security risk, which is contingent upon threats, vulnerabilities, and security controls related to the requested technology's usage. Gain insight into the technology. Ascertain if the requested technology and proposed solution architecture will function securely within the UNMHHS System/Health Sciences environment. Undertake various technology reviews, such as assessing technology provided by another university partner. As a covered entity under HIPAA, UNMHHS mandates that technology undergo a security risk assessment to determine if its physical, administrative, and technical controls meet UNMHHS security standards before acceptance and use. This assessment is necessary even if the technology does not handle ePHI or other sensitive data, but may operate on the UNMHHS network where ePHI could be processed. UNMHHS Cybersecurity aims to ensure that the requested technology does not pose a risk to patient data by introducing vulnerabilities that could be exploited to breach other sensitive information. UNMHHS safeguards all personal information, with ePHI data being of utmost concern.
