Progressive Computer Systems, Inc.
Data Protection for Healthcare: What You Must Know – Part 7 of 7

Part 7 of 7
Security Incident Management: A patient’s information has been compromised. Now what? Is your staff confident that they know how to handle this breach? An organization should never wait until it is in the middle of a breach to learn what needs to be done. Here are twelve steps for handling a security breach:
1. Contact a HIPAA Consultant and/or a HIPAA Attorney.
2. If over 500 records have been compromised, provide notice to prominent media serving your state or jurisdiction by the deadline.
3. Notify the affected patients by individual notice by the deadline. Apologize for the breach and indicate that their medical information may have been affected.
4. Implement your Employee Sanction Policy and document the breach in the employee’s personnel file.
5. Complete a Security Incident Report Form with the supporting documents.
6. Review a Data Breach Notification and Mitigation Checklist.
7. Determine whether more or fewer than 10 contacts were invalid and whether a Substitute Notice is required, either by posting the notice on the homepage of your website for 90 days or by providing the notice in major print or broadcast media where the affected individuals likely reside.
8. If required, provide a toll-free number for 90 days where individuals can learn if their information was involved in the breach.
9. File a Data Breach Report with the Office for Civil Rights (OCR).
10. Review the breach, mitigate the circumstances, provide education around the breach event, and re-train staff.
11. Review federal and state breach laws for additional steps, especially concerning PII.
12. Follow both federal and state mandated laws, including potentially notifying the Attorney General and/or the three major consumer reporting agencies.

YOUR GOAL IS BREACH PREVENTION
No organization wants to find itself in the position of having to defend itself after a breach. Preventing a breach is ideal, and being proactive is necessary. Take these ideas under serious consideration:

• Hire a Managed Service Partner to monitor and manage your IT environment.
• Have regular consultations with a HIPAA knowledgeable attorney.
• Hire a HIPAA Consultant.
• Pay a professional to conduct a Comprehensive Risk Assessment.
• Mitigate the results of a Security Vulnerability Assessment.
• Implement and enforce HIPAA Security Policies/Procedures.
• Get Cyber Insurance and implement a full HIPAA Compliance Program.
• Invest in industry-standard encryption solutions.
• Have an Organizational Policy for addressing and monitoring mobile devices.
• Use Active Directory and Group Policies to enforce User Rights and Security Controls.
• Ensure that medical devices have up-to-date security patches and are malware-free.
• Implement and maintain strong firewalls with subscription services and an Intrusion Detection System (IDS).
• Cultivate a strong, ongoing Security and HIPAA Awareness Program.

© 2020 Progressive Computer Systems