Not a bad starting point. I'd also say you should re-do your HIPAA Security risk analysis. Part of that will be inventorying your PHI, and part of the result should include your incident response plan. The best thing you can do is find out what your troubles are. When you're sick and you go to the doctor, or even if you're feeling fine and you go for an annual physical, the first thing the doctor does is get your vitals and lab work. That's what your risk analysis should be -- a regular checkup to spot trouble (or at least trouble spots to watch) before it happens.