An Attorney Offers HITECH Advice

Calls for a team approach Howard Anderson (ismg_editor) • March 1, 2010 Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.

"Everyone who would be needed to take action after an actual breach should be involved in creating the processes to be followed," Hinkley said March 1 in a presentation at the HIMSS Conference in Atlanta

He offered other advice for preparing to comply with the breach notification rule under the HITECH Act:

Be sure to enable staff members to raise specific security concerns anonymously to help pinpoint problem areas;

Spell out in agreements with business associates that they should report any breaches immediately so that the hospital can alert affected patients within the required 60 days

In addition to conducting ongoing staff training on data security, be sure to conduct post-breach training on lessons learned from any incidents and new policies to follow.

Previous
To Whom Should CISOs Report?

Next
Burglary Leads to Breach

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

You might also be interested in …

Live Webinar | 8 Ways to Tackle the Biggest Access-Related Information Security Challenges in Financial Services

Live Webinar | 8 Ways to Tackle the Biggest Access-Related Information Security Challenges in Financial Services

Classification By Design: The Foundation Of Effective Data Protection Compliance

Maintain a Clear Bill of (Third-Party Risk) Health

Remote Workforce Security: The Role of 'Zero Trust'

Remote Workforce Security: The Role of 'Zero Trust'

Live Webinar | Customer Identity: Building Secure, Seamless Experiences

Live Webinar | Customer Identity: Building Secure, Seamless Experiences

Live Webinar | Using the NIST Privacy Framework to Solve Common Data Privacy Problems

Live Webinar | Using the NIST Privacy Framework to Solve Common Data Privacy Problems

Move Beyond Passwords

COVID-19: Overcoming an Abundance of Cybersecurity Caution

Securing Work From Home Checklist

Around the Network

The Celebrity Twitter Hack: What Happened?

The Celebrity Twitter Hack: What Happened?

Mitigating Brand Impersonation Fraud

Secret Service Agent Offers Cybercrime-Fighting Insights

Secret Service Agent Offers Cybercrime-Fighting Insights

Key Digital Payment Identity Management Issues

Key Digital Payment Identity Management Issues

Security Analysis: US Outmaneuvers UK on 'Huawei Question'

Security Analysis: US Outmaneuvers UK on 'Huawei Question'

Medical Devices: Mitigating Cyber Risks

Medical Devices: Mitigating Cyber Risks

Behavioral Biometrics: Avoiding Mistakes

Behavioral Biometrics: Avoiding Mistakes

Analysis: The Hacking of Mobile Banking App Dave

Analysis: The Hacking of Mobile Banking App Dave

Detecting Payroll Fraud With Data Analytics

Detecting Payroll Fraud With Data Analytics

COVID-19 Contact-Tracing Apps: The Privacy Issues

COVID-19 Contact-Tracing Apps: The Privacy Issues

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.