HIPAA regulations mandate that each covered entity maintain a set of security incident procedures in order to formalize how it will respond in the event of security incidents. This means that a healthcare organization thinks through the security events that might take place and puts together a plan for how it will handle each of them if they occur, so that it is prepared. These are called Incident Response Plans.
You are the new HIPAA Security Officer for a hospital, and you have found that there is no Incident Response Plan for a major electronic theft of protected health information (affecting more than 1000 patients) from your hospital. Draft the Incident Response Plan that will be used at your hospital in the event of a major electronic theft of protected health information (affecting more than 1000 patients). Note that this concerns theft, not accidental disclosure. In your plan, include the roles and responsibilities of staff members in the context of the incident. Who will you include in your plan? What staff roles will have tasks to carry out in this event? Describe the ‘identification phase’, which is necessary for the staff to report that an incident has occurred. Provide steps to be taken in response to the incident. You may want to do some internet research regarding HIPAA Security Incident Response Plans to help with this assignment. Be sure to cite your references.
Your paper should meet the following criteria: 2 pages in length, double-spaced. Free of spelling, grammar, and punctuation errors.
Please Meet Criteria!!
Included the roles and responsibilities of staff members in the context of the incident.
Described the ‘identification phase’ which is necessary for the staff to report that an incident has occurred.
Provided steps to be taken in response to the incident. Remember specific HIPAA steps that need to be taken due to more than 1000 patients’ information being stolen!
Free of spelling, grammar, and punctuation errors.