The purpose of this proposal is to establish a consulting agreement for a HIPAA Security Risk Analysis in accordance with (45 CFR 164.308(a)(1)(ii)(A)) and the tools and resources to help BrightSpring / PharMerica accomplish additional HIPAA requirements to conduct Gap Assessments against the HIPAA Security Rule and the HIPAA Privacy & Breach Notification Rules.
Under the HIPAA Security Rule, BrightSpring / PharMerica is required to conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity and availability of Electronic Protected Health Information (ePHI).