The document discusses the importance of completing a proper Security Risk Assessment and generating an accurate Corrective Action Plan for healthcare organizations. A Corrective Action Plan identifies vulnerable areas, provides a way to track remediation efforts, and maps risks back to infrastructure to prioritize fixes. It is a living document that is updated as tasks are completed. By addressing these two key items, an organization can develop a strategy to mitigate the majority of its vulnerabilities. Equally important is assigning someone to follow through by completing outstanding tasks and updating the Corrective Action Plan regularly.