HIPAA regulations mandate that each covered entity maintain a set of security incident procedures in order to formalize how it will respond in the event of security incidents. This means that a healthcare organization anticipates the security events that might take place and puts together a plan for handling each of them if they occur, so that it is prepared. These plans are called Incident Response Plans.
You are the new HIPAA Security Officer for a hospital, and you have found that there is no Incident Response Plan for a major electronic theft of Protected Health Information (affecting more than 1000 patients) from your hospital. Draft the Incident Response Plan that your hospital will use in the event of a major electronic theft of Protected Health Information (affecting more than 1000 patients). Note that this plan concerns theft, not accidental disclosure.
· In your plan, include the roles and responsibilities of staff members in the context of the incident. Who will you include in your plan? What staff roles will have tasks to carry out in this event?
· Describe the ‘identification phase’ which is necessary for the staff to report that an incident has occurred.
· Provide steps to be taken in response to the incident.
· You may want to do some internet research regarding HIPAA Security Incident Response Plans to help with this assignment. Be sure to cite your references.
Your paper should include the following criteria:
· 2 pages in length, double-spaced.
· Free of spelling, grammar, and punctuation errors.
|Included the roles and responsibilities of staff members in the context of the incident.|
|Described the ‘identification phase’ which is necessary for the staff to report that an incident has occurred.|
|Provided steps to be taken in response to the incident.|
|Free of spelling, grammar, and punctuation errors. Add headers to show what is covered where.|
One cannot discuss IT security without including HIPAA and healthcare. HIPAA deals with both healthcare Privacy and Security. What is the difference? HIPAA Privacy deals with protecting the confidentiality of Protected Health Information: basically, who gets to see or hear patient information? HIPAA Security deals with protecting the integrity of the information: basically, keeping that information safe. Since much of that information is electronic, there is a definite technical component to the HIPAA Security responsibilities. HIPAA Security covers the concepts of Physical, Technical, and Administrative safeguards, as well as Security Risk Analysis.