A couple of weeks ago, we did a podcast hosted by HealthcareInfoSecurity.com’s Executive Editor, Howard Anderson. During that interview, Howard asked, “Are there any other lessons we can learn from the notification experiences of those organizations that have experienced major breaches?” Here’s how I responded with what we’re learning from early enforcement of the interim final breach notification rule. There are quite a number of lessons learned, but here are three top-of-mind big ones:

  1. Get proactive and stay proactive; set business risk management goals; commission a team and do your security evaluation and your risk analysis so you can secure your PHI.  Build your Breach Notification Plan.
  2. Cooperate fully with affected individuals, the Office for Civil Rights and local media.  As I mentioned above, bad news doesn’t age well.
  3. Fire up / resurrect / revitalize your entire HIPAA Security Compliance program – demonstrate a genuine good-faith effort to comply so as to avoid findings of “willful neglect”. Remember, Breach Notification doesn’t exist in isolation; it is a HIPAA-HITECH “pillar” right alongside the Privacy and Security Rules.

Learn more…

  1. Read more on HealthInfoSecurity.com: Data Breach Planning Notification Tips – How to Avoid Creating Unnecessary Risk 
  2. Download the 15-minute Podcast
  3. Join our new AboutHIPAA LinkedIn Group – http://abouthipaaLI.org/


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.