An Attorney Offers HITECH Advice

Calls for a team approach Howard Anderson (ismg_editor) • March 1, 2010 Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.

"Everyone who would be needed to take action after an actual breach should be involved in creating the processes to be followed," Hinkley said March 1 in a presentation at the HIMSS Conference in Atlanta

He offered other advice for preparing to comply with the breach notification rule under the HITECH Act:

Be sure to enable staff members to raise specific security concerns anonymously to help pinpoint problem areas;

Spell out in agreements with business associates that they should report any breaches immediately so that the hospital can alert affected patients within the required 60 days

In addition to conducting ongoing staff training on data security, be sure to conduct post-breach training on lessons learned from any incidents and new policies to follow.

Previous
To Whom Should CISOs Report?

Next
Burglary Leads to Breach

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

You might also be interested in …

HIPAA Audits: A Revised Game Plan

HIPAA Audits: A Revised Game Plan

IAM is Critical to Securing a Remote Workforce

Insider Threat: Reduce the Risk

Insider Threat: Reduce the Risk

Case Study: Live Oak Bank Tackles Cloud Security with Orca Security

Case Study: Live Oak Bank Tackles Cloud Security with Orca Security

The Convergence of CMMC and MSSP/MDR Results in a New Service Category: Managed Cybersecurity and Compliance Provider (MCCP)

The Convergence of CMMC and MSSP/MDR Results in a New Service Category: Managed Cybersecurity and Compliance Provider (MCCP)

Why You Should Take Security to the Cloud

Essential Guide to Machine Data: Infrastructure Machine Data

Essential Guide to Machine Data: Infrastructure Machine Data

The Essential Guide to Container Monitoring

The Essential Guide to Container Monitoring

Splunk Global Restart - Build a More Resilient Workplace With Data in Five Steps

Splunk Global Restart - Build a More Resilient Workplace With Data in Five Steps

Around the Network

Is Your Security Stack Ready for the Modern Cloud?

Is Your Security Stack Ready for the Modern Cloud?

Case Study: Streamlining Third-Party Risk Management

Case Study: Streamlining Third-Party Risk Management

Implementing Cybersecurity Best Practices

Implementing Cybersecurity Best Practices

Telemedicine: Inclusion and Fraud

Telemedicine: Inclusion and Fraud

The Looming Threat of Broken Cryptography

The Looming Threat of Broken Cryptography

FDA's Kevin Fu on Threat Modeling for Medical Devices

FDA's Kevin Fu on Threat Modeling for Medical Devices

Crisis Communications: How to Handle Breach Response

Crisis Communications: How to Handle Breach Response

Analysis: Fat Face's Awkward Breach Notification

Analysis: Fat Face's Awkward Breach Notification

Analysis: Takeaways From Ransomware Gang Interviews

Analysis: Takeaways From Ransomware Gang Interviews

State of the Marketplace: A Conversation With Dave DeWalt

State of the Marketplace: A Conversation With Dave DeWalt

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.