With the number of breaches growing on the HHS “Wall of Shame”, and over 3% of the American public having Protected Health Information impermissably disclosed, organizations are now focusing their efforts on preventing breaches. We’ve encouraged you to work on your plan … now!
Many of you asked: What are the most important elements of a breach notification plan?
Think of a four-point compass – there are four key elements of any solid risk management or security plan and they are:
- Policy – the articulation of your values and standards as an organization regarding expected behaviors – the “what” of your plan
- Procedures – the detailed processes or steps that are followed on a day-by-day basis to, first and foremost PREVENT breaches AND then to intake and triage incidents AND finally, the detailed steps to be followed in the event of an actual breach –
… the “how” of your plan
- People – INTERNALLY, these include an engaged and supportive executive team, an aware and informed workforce, a triage team; and, the crisis management team. EXTERNALLY, these include all data trading partners (covered entities, Business Associates and subcontractors)
- Technology – in addition to technology to “secure” PHI, organizations should consider using technology for incident management and breach reporting; e.g., appropriate office tools, homegrown software or COTS
- Read more on HealthInfoSecurity.com: Data Breach Planning Notification Tips – How to Avoid Creating Unnecessary Risk …
- Download the 15-minute Podcast
- Register for our upcoming webinar on 5/18/2011 – How To Establish Your Data Breach Notification Program
- Join our new AboutHIPAA LinkedIn Group – http://abouthipaali.org/
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – Part 5 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - June 5, 2017
- HIPAA Risk Analysis Tip – Part 4 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 29, 2017
- HIPAA Risk Analysis Tip – Part 3 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 21, 2017