An Attorney Offers HITECH Advice

Calls for a team approach Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.

"Everyone who would be needed to take action after an actual breach should be involved in creating the processes to be followed," Hinkley said March 1 in a presentation at the HIMSS Conference in Atlanta

He offered other advice for preparing to comply with the breach notification rule under the HITECH Act:

Be sure to enable staff members to raise specific security concerns anonymously to help pinpoint problem areas;
Spell out in agreements with business associates that they should report any breaches immediately so that the hospital can alert affected patients within the required 60 days
In addition to conducting ongoing staff training on data security, be sure to conduct post-breach training on lessons learned from any incidents and new policies to follow.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.