An Attorney Offers HITECH Advice

Calls for a team approach Howard Anderson (ismg_editor) • March 1, 2010 Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.

"Everyone who would be needed to take action after an actual breach should be involved in creating the processes to be followed," Hinkley said March 1 in a presentation at the HIMSS Conference in Atlanta

He offered other advice for preparing to comply with the breach notification rule under the HITECH Act:

Be sure to enable staff members to raise specific security concerns anonymously to help pinpoint problem areas;

Spell out in agreements with business associates that they should report any breaches immediately so that the hospital can alert affected patients within the required 60 days

In addition to conducting ongoing staff training on data security, be sure to conduct post-breach training on lessons learned from any incidents and new policies to follow.

Previous
To Whom Should CISOs Report?

Next
Burglary Leads to Breach

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

You might also be interested in …

The Ultimate Guide to Privacy Program Automation

The Ultimate Guide to Privacy Program Automation

Panel | Encryption is on the Rise! Learn How to Balance Security with User Privacy and Compliance

Panel | Encryption is on the Rise! Learn How to Balance Security with User Privacy and Compliance

JavaScript and Blockchain: Technologies You Can't Ignore

JavaScript and Blockchain: Technologies You Can't Ignore

A Guide to Passwordless Anywhere

A Guide to Passwordless Anywhere

Stronger Security Through Context-aware Change Management: A Case Study

Stronger Security Through Context-aware Change Management: A Case Study

Live Webinar | Standing-up an Industry Leading Third-Party Security Risk Management Program

Live Webinar | Standing-up an Industry Leading Third-Party Security Risk Management Program

Evaluating and Reducing Supply Chain Risk

►

Evaluating and Reducing Supply Chain Risk

The Security Professional's Guide to Third-Party Cyber Risk Management

The Security Professional's Guide to Third-Party Cyber Risk Management

Forrester Report | Why Isn’t Your Organization Prioritizing Third-Party Risk?

Forrester Report | Why Isn’t Your Organization Prioritizing Third-Party Risk?

Around the Network

David Derigiotis on the Complex World of Cyber Insurance

David Derigiotis on the Complex World of Cyber Insurance

Healthcare CISO Group Focuses on Third-Party Risk Challenges

Healthcare CISO Group Focuses on Third-Party Risk Challenges

Organizationwide Passwordless Orchestration

Organizationwide Passwordless Orchestration

Why Banks Find It Hard to Tackle Authorized Fraud

Why Banks Find It Hard to Tackle Authorized Fraud

Securing the SaaS Layer

Securing the SaaS Layer

The Persisting Risks Posed by Legacy Medical Devices

The Persisting Risks Posed by Legacy Medical Devices

Protecting the Hidden Layer in Neural Networks

Protecting the Hidden Layer in Neural Networks

Are We Doomed? Not If We Focus on Cyber Resilience

Are We Doomed? Not If We Focus on Cyber Resilience

How Cyberattacks Affect CISOs

How Cyberattacks Affect CISOs

Why Is Meta Choosing to Settle Over Cambridge Analytica?

Why Is Meta Choosing to Settle Over Cambridge Analytica?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.