Breach Notification Planning Tips – Key Lessons Learned

This entry is part 6 of 7 in the series Breach Planning Tips

A couple of weeks ago, we did a podcast hosted by's Executive Editor, Howard Anderson. During that interview, Howard asked, "Are there any other lessons we can learn from the notification experiences of those organizations that have experienced major breaches?" Here's how I responded to what we're learning from early enforcement of the interim final breach notification rule. There are quite a number of lessons learned, but here are three top-of-mind big ones:

  1. Get proactive and stay proactive; set business risk management goals; commission a team and do your security evaluation and your risk analysis so you can secure your PHI.  Build your Breach Notification Plan.
  2. Cooperate fully with affected individuals, the Office for Civil Rights and local media.  As I mentioned above, bad news doesn’t age well.
  3. Fire up / resurrect / revitalize your entire HIPAA Security Compliance program – demonstrate a genuine good-faith effort to comply so as to avoid findings of “willful neglect”. Remember, Breach Notification doesn’t exist in isolation; it is a HIPAA-HITECH “pillar” right alongside the Privacy and Security Rules.
