How to Avoid Creating Unnecessary Risk
Listen to our recent Podcast hosted by HealthcareInfoSecurity.com's Executive Editor, Howard Anderson. Receive Data Breach Planning Notification Tips – How to Avoid Creating Unnecessary Risk and more… Benefit from our expertise! Check out our upcoming webinar on 5/18/2011 – How To Establish Your Data Breach Notification Program …
"Breach notification planning is just a fundamental, basic part of risk management in the new millennium," says security expert Bob Chaput.
Healthcare organizations that fail to develop a comprehensive plan for notifying government authorities, as well as individuals affected, about a healthcare information breach, as required under the HITECH Act, "are creating unnecessary risk" in addition to the risks inherent in the breach itself, Chaput says.
- Read more: Data Breach Planning Notification Tips – How to Avoid Creating Unnecessary Risk …
- Download the 15-minute Podcast
- Register for our upcoming webinar on 5/18/2011 – How To Establish Your Data Breach Notification Program
- Join our new AboutHIPAA LinkedIn Group – http://abouthipaali.org/
In the interview, I stressed the need to:
- Understand requirements under the HITECH Act interim final breach notification rule as well as state breach notification laws and develop a plan for meeting those requirements.
- Share information about breaches with patients as soon as it's available. "Come clean early and fully," he says. "Unlike wine, bad news doesn't age well."
- Offer breach victims help with monitoring their credit ratings and "make it very, very easy to be contacted" about any questions.
- Cooperate fully with the Department of Health and Human Services' Office for Civil Rights, which investigates breaches, the local news media and individuals affected. "Lack of cooperation has caused, at least in one case, a huge penalty issued by the Office for Civil Rights," he notes (See: HIPAA Privacy Fine: $4.3 Million).
- Revitalize your HIPAA privacy and security rule compliance program. In this way, the organization can demonstrate a "good faith effort to comply," which can help it to avoid higher penalties associated with willful neglect to comply.