The Health Insurance Portability and Accountability Act (HIPAA) requires health care organizations to have incident response plans for handling any potential breaches involving patients’ data and information. Such breaches constitute privacy violations under HIPAA (HIPAA Journal, 2017).
Roles and Responsibilities of Staff Members
The response team will consist of the executive team, the IT manager, the head of risk management department, the public relations and marketing team, and customer service as well as relevant third parties, especially contracted vendors (Jalali & Kaiser, 2018). The main responsibility of the response team is to create and implement an immediate and customized response to the breach that has occurred.
Identification Process
The identification procedure includes making sure that the source of the breach is known. For instance, it will include determining whether the breach was caused by a firewall with an open port, by malware, or by a successful phishing attack. Once the affected component or system has been identified, that area is quarantined and the attacker is removed (Saine, 2017).
Response Steps
When the attack has been contained, the hospital should contract an external team of experts to conduct a comprehensive penetration test to confirm that the fixes are in place and achieve their intended purpose. The process should also entail identifying any potential unknown attack vectors that may be exploited in the future (Jalali & Kaiser, 2018). Secondly, the team will conduct a forensic and root cause analysis to ensure that the same problem does not recur. Through the forensic analysis, the IT team will locate potential anomalies, eliminating guesswork and the need to reproduce the problem.
Thirdly, the hospital should conduct a risk and impact analysis to ascertain the level of the damage and to ensure that it complies with the HIPAA Omnibus Final Rules of 2013 (Saine, 2017). Fourthly, the institution should notify the external parties as required by HIPAA. This includes reporting details to the Department of Health and Human Services, because the breach involved the data of 1,000 patients. Lastly, the hospital should continually reevaluate its security measures.
References
HIPAA Journal (2017). HIPAA Compliance Checklist. Retrieved from https://www.hipaajournal.com/hipaa-compliance-checklist/
Jalali, S. M. & Kaiser, J. P. (2018). Cyber-security in Hospitals: A Systematic, Organizational Perspective. Journal of Medical Research, Vol. 20, No. 5.
Saine, T. (2017, May 16). 8 Steps to Take in the Event of a Data Breach at Your Hospital. Retrieved from https://www.spok.com/blog/8-steps-take-event-data-breach-your-hospital