[ Friday, December 02, 2011 ]


Three Steps to Minimize the Data Breach Epidemic: from Government Health IT:

  1. Inventory your PHI/PII

  2. Develop an Incident Response Plan

  3. Review your Business Associate Agreements

Not a bad starting point. I'd also say you should re-do your HIPAA Security risk analysis. Part of that will be inventorying your PHI, and part of the result should include your incident response plan. The best thing you can do is find out what your troubles are. When you're sick and you go to the doctor, or even if you're feeling fine and you go for an annual physical, the first thing the doctor does is get your vitals and lab work. That's what your risk analysis should be -- a regular checkup to spot trouble (or at least trouble spots to watch) before it happens.

Jeff

