A couple of weeks ago, we did a podcast hosted by HealthcareInfoSecurity.com’s Executive Editor, Howard Anderson. During that interview, Howard asked “Are there any other lessons we can learn from the notification experiences of those organizations that have experienced major breaches?” Here’s how I responded, based on what we’re learning from early enforcement of the interim final breach notification rule.

There are quite a number of lessons learned, but here are three top-of-mind big ones:
- Get proactive and stay proactive; set business risk management goals; commission a team and do your security evaluation and your risk analysis so you can secure your PHI. Build your Breach Notification Plan.
- Cooperate fully with affected individuals, the Office for Civil Rights and local media. As I mentioned above, bad news doesn’t age well.
- Fire up / resurrect / revitalize your entire HIPAA Security Compliance program – demonstrate a genuine good-faith effort to comply so as to avoid findings of “willful neglect”. Remember, Breach Notification doesn’t exist in isolation; it is a HIPAA-HITECH “pillar” right alongside the Privacy and Security Rules.