Health Data Breach Response Plan
s the Chief Privacy Officer (CPO) of a competitive managed care organization, you have been advised of a breach in the privacy, security and confidentiality of sensitive patient data that occurred at the hands of an employee who was a willing participant in a large identify theft ring. After a tip received from the FBI, a six (6) month investigation was conducted. The employee sold hundreds of health records over the span of three (3) years for an undisclosed amount of money. After immediate termination and prosecution, the next step is to develop a comprehensive Health Data Breach Response Plan, a project assigned to you by the CEO.
Deliverables: The final product to submit is a comprehensive plan that includes the following:
Propose a data response plan that address the following:
Step One: The organization�s response to the notification of a breach
Step Two: Identify those responsible parties (by titles) to respond to the notification of breach and explain each of their roles in the process
Step Three: Procedure(s) to confirm the occurrence of a breach & identify the involved scope/type of data involved
Step Four: A three (3)-point system measure, to impact of the data breach & the action(s) taken for each level of impact
Step Five: Data breach response and corrective practices
Step Six: Monitor/test effectiveness of response and corrective practices
Step Seven: Notification (public and customer (specify whether all customers are notified or just those impacted)
Proposed annual schedule of conducted risk analysis (frequency) to access the organization�s susceptibility of data security risks and identify the identified person(s) to conduct the scheduled risks analysis
Create a risk analysis data security checklist to identify human, technical, environmental, and natural threats
Required checklist categories: identified threat, contributing factors, example of threat, the likeliness of occurrence and the potential impact to the organization (negative impacts)
Determine a system to determine/rate the likeliness of occurrence and the potential impact to the managed care organization
A list of specific resources in place to respond to a data breach
Identification and the incorporation Health Insurance Portability and Accountability Act (HIPAA) security standards safeguards within the data response plan:
Create an agenda of topics to present in an organization-wide employee training on the topic �What is My Role in the Prevention of an Organization�s Breach of Data�
2. Do not create a sixteen page document. The template is only for learning. Keep it to 3 pages – single spaced.
3. Follow the steps in the assignment instructions. Only provide a few sentences per section. Nothing verbose.
4. Pick two sections and drill down on them to add substance. Be thoughtful about which sections to drill down on. Tell the reader why you are offering more substance in that particular area. Consider your audience and the situation. Pick and choose what is important to say. You may even say something like “more information will be needed to continue with this analysis such as …” to close out a section.
5. Provide “examples” or “reference materials” by inserting links in your document if that makes sense to you.
6. Insert links in your document as source material instead of having a list of references.
7. Find examples on the internet and paraphrase them – use them as a guide – insert a hyperlink so that you are referencing them properly and not taking credit for the work.
We are not reinventing the wheel. All of this information lives on the internet somewhere. Or, in a guide of some sort. Have you taken advantage of resources that are offered by national associations such as ACHE and others?