Health Information Management

Security incident response plans: The first step in mitigating potential risks

HIM-HIPAA Insider, September 8, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

With so many moving parts in a healthcare organization, privacy and security incidents are sometimes difficult to track and manage. The key to ensuring an organization is prepared in the event of an incident is to begin with a solid incident response plan that encompasses security and privacy and calls upon the diligence of the entire workforce.

Security incident plans are required under the HIPAA Security Rule, although little direction is provided in the rule itself, says Kate Borten, CISSP, CISM, founder of The Marblehead Group in Marblehead, Massachusetts. "You need to teach your workforce how to recognize something that might be a problem, report it to somebody internally, investigate it, figure it out, and deal with it to mitigate potential harm," Borten says.
Although the HIPAA Privacy Rule does not use the same language as the Security Rule where incident response plans are concerned, it states that organizations must be aware of privacy issues and must investigate and mitigate them, Borten adds.
The incident response plan may be confused with breach notification, but actually precedes and encompasses that process. "Everything starts off as an incident," says Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, manager at Wipfli, LLP, in Eau Claire, Wisconsin. "We don't know if it's a breach until after we go through that risk analysis." But before you can begin the four-factor risk assessment or breach notification, you have to find out what type of event you have on your hands--this is when your incident response plan comes into play.
Continue reading "Security incident response plans: The first step in mitigating potential risks" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the September issue.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular