An Attorney Offers HITECH Advice

Calls for a team approach Howard Anderson (ismg_editor) • March 1, 2010 Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.

"Everyone who would be needed to take action after an actual breach should be involved in creating the processes to be followed," Hinkley said March 1 in a presentation at the HIMSS Conference in Atlanta

He offered other advice for preparing to comply with the breach notification rule under the HITECH Act:

Be sure to enable staff members to raise specific security concerns anonymously to help pinpoint problem areas;

Spell out in agreements with business associates that they should report any breaches immediately so that the hospital can alert affected patients within the required 60 days

In addition to conducting ongoing staff training on data security, be sure to conduct post-breach training on lessons learned from any incidents and new policies to follow.

Previous
To Whom Should CISOs Report?

Next
Burglary Leads to Breach

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

You might also be interested in …

Live Webinar | Staying Secure and Compliant in a Work From Home Environment

Live Webinar | Staying Secure and Compliant in a Work From Home Environment

The Guide to Supplier CCPA Readiness for Security and IT Teams

Cyber Security in the Age of Digital Transformation: A Reality Check

Buyers Guide: Third-Party Cyber Risk Management

Buyers Guide: Third-Party Cyber Risk Management

Maintain a Clear Bill of (Third-Party Risk) Health

Enhance Security Posture for State and Local Agencies

Active Deception to Combat Advanced Threats

Deception-Based Threat Detection: Shifting Power to the Defenders

Case Study: A View of Deception Technology in Security Testing

Around the Network

Confidential Computing: Beyond the Hype

Confidential Computing: Beyond the Hype

Analysis: Surge in Attacks Against Banks

Analysis: Surge in Attacks Against Banks

How Bangladesh Is Managing Critical Infrastructure Security

How Bangladesh Is Managing Critical Infrastructure Security

Confidential Computing: The Use Cases

Confidential Computing: The Use Cases

Safeguarding COVID-19 Research, Other Intellectual Property

Safeguarding COVID-19 Research, Other Intellectual Property

Using Monitoring to Tackle Shadow IT Issues

Using Monitoring to Tackle Shadow IT Issues

How to Avoid Unnecessary Breach Reporting

How to Avoid Unnecessary Breach Reporting

AMA Outlines Privacy Principles for Health Data

AMA Outlines Privacy Principles for Health Data

Mitigating Risks Posed by Emerging Fraud Tactics

Mitigating Risks Posed by Emerging Fraud Tactics

Identity Verification in Healthcare: Revamping a Framework

Identity Verification in Healthcare: Revamping a Framework

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.