OCR publishes 'quick-response' checklist to help organizations address healthcare breaches

HHS' Office for Civil Rights, which oversees HIPAA and health information privacy rights, released a "quick-response checklist" to support healthcare organizations.

The checklist — and associated infographic — outlined four steps HIPAA-covered entities and their business associates should take following a cyberattack or data breach.

1. Respond. The organization should execute its mitigation procedures and contingency plans, such as fixing any technical issues or halting impermissible disclosure of protected health information.

2. Report crime. The organization should report the crime to law enforcement agencies, which may include local offices, the FBI and the Secret Service.

3. Share threat. The organization should report the cyberthreat to information sharing organizations, such as the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response and relevant private-sector organizations.

4. Assess breach. The organization should investigate the incident to determine whether there was a breach of PHI. It must report any breaches affecting 500 or more individuals to OCR within 60 days.


© Copyright ASC COMMUNICATIONS 2021.