This entry is part 4 of 7 in the series Breach Planning Tips

With the number of breaches growing on the HHS “Wall of Shame”, and over 3% of the American public having Protected Health Information impermissibly disclosed, organizations are now focusing their efforts on preventing breaches. We’ve encouraged you to work on your plan … now!

Many of you asked: What are the most important elements of a breach notification plan?

Think of a four-point compass – any solid risk management or security plan has four key elements:

  1. Policy – the articulation of your values and standards as an organization regarding expected behaviors – the “what” of your plan
  2. Procedures – the detailed processes or steps that are followed on a day-by-day basis to, first and foremost, PREVENT breaches, AND then to intake and triage incidents, AND finally, the detailed steps to be followed in the event of an actual breach – the “how” of your plan
  3. People – INTERNALLY, these include an engaged and supportive executive team, an aware and informed workforce, a triage team, and the crisis management team. EXTERNALLY, these include all data trading partners (covered entities, Business Associates and subcontractors)
  4. Technology – in addition to technology to “secure” PHI, organizations should consider using technology for incident management and breach reporting; e.g., appropriate office tools, homegrown software or COTS

Learn more…

  1. Read more on HealthInfoSecurity.com: Data Breach Planning Notification Tips – How to Avoid Creating Unnecessary Risk
  2. Download the 15-minute Podcast
  3. Register for our upcoming webinar on 5/18/2011 – How To Establish Your Data Breach Notification Program
  4. Join our new AboutHIPAA LinkedIn Group – http://abouthipaali.org/

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.