With the number of breaches growing on the HHS “Wall of Shame”, and over 3% of the American public having Protected Health Information impermissably disclosed, organizations are now focusing their efforts on preventing breaches. We’ve encouraged you to work on your plan … now!
Many of you asked: What are the most important elements of a breach notification plan?
Think of a four-point compass – there are four key elements of any solid risk management or security plan and they are:
- Policy – the articulation of your values and standards as an organization regarding expected behaviors – the “what” of your plan
- Procedures – the detailed processes or steps that are followed on a day-by-day basis to, first and foremost PREVENT breaches AND then to intake and triage incidents AND finally, the detailed steps to be followed in the event of an actual breach –
… the “how” of your plan
- People – INTERNALLY, these include an engaged and supportive executive team, an aware and informed workforce, a triage team; and, the crisis management team. EXTERNALLY, these include all data trading partners (covered entities, Business Associates and subcontractors)
- Technology – in addition to technology to “secure” PHI, organizations should consider using technology for incident management and breach reporting; e.g., appropriate office tools, homegrown software or COTS
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.