Health Information Management

Respond effectively to data breaches

HIM-HIPAA Insider, March 6, 2012

How your organization responds when breaches happen can make all the difference. If a breach occurs, you can't undo it, says Rebecca C. Fayed, Esq., associate general counsel and privacy officer at The Advisory Board Company in Washington, DC, but you can control how you move forward and prevent future occurrences. You need to collect as many facts as possible about what happened, she says.

Identify the following:

  • The facts surrounding the incident. For instance, did it involve a stolen or lost laptop computer, a backup tape, or a portable storage device? Was an e-mail or fax sent to a wrong recipient? Were paper records thrown in the trash?
  • Data elements. Did the incident involve names, addresses, phone numbers, PHI, Social Security numbers, or credit card numbers?
  • Number of people affected.
  • States in which affected people live and total affected people in each state.
  • Whether the information was encrypted.

Mitigate the harm and take corrective action. Ultimately, you want to be able to defend your organization's actions.

Editor’s note: Read the entire article in the March issue of Briefings on HIPAA.
