Security incident response plans: The first step in mitigating potential risks
HIM-HIPAA Insider, September 8, 2014
With so many moving parts in a healthcare organization, privacy and security incidents are sometimes difficult to track and manage. The key to ensuring an organization is prepared in the event of an incident is to begin with a solid incident response plan that encompasses security and privacy and calls upon the diligence of the entire workforce.
Security incident plans are required under the HIPAA Security Rule, although little direction is provided in the rule itself, says Kate Borten, CISSP, CISM, founder of The Marblehead Group in Marblehead, Massachusetts. "You need to teach your workforce how to recognize something that might be a problem, report it to somebody internally, investigate it, figure it out, and deal with it to mitigate potential harm," Borten says.
Although the HIPAA Privacy Rule does not use the same language as the Security Rule where incident response plans are concerned, it states that organizations must be aware of privacy issues and must investigate and mitigate them, Borten adds.
The incident response plan may be confused with breach notification, but actually precedes and encompasses that process. "Everything starts off as an incident," says Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, manager at Wipfli, LLP, in Eau Claire, Wisconsin. "We don't know if it's a breach until after we go through that risk analysis." But before you can begin the four-factor risk assessment or breach notification, you have to find out what type of event you have on your hands--this is when your incident response plan comes into play.
Continue reading "Security incident response plans: The first step in mitigating potential risks" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the September issue.