Corporate Compliance

HIPAA security response procedures

Compliance Monitor, January 7, 2005

Q: How do I know whether my security incident-response procedures will work?

A: In short, you don't know until you either test them or have to use them during a real-world security incident. Make sure you do the former before the latter occurs.

When testing, it's best not to do anything that will crash any systems or otherwise put PHI at risk. If anything, perform simulation tests to see how people will respond, how you will move through the procedures, and how you will recover.

This question was answered by Kevin Beaver, CISSP, founder and principal consultant of the information security services firm Principle Logic, LLC, in Atlanta.
