HHS...

"...your unbiased advocate, providing expert strategy matched to your company's goals and objectives"

 

HHS Releases HIPAA Cyber-Attack Checklist

Share

The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has released a quick-response checklist briefly describing the steps that HIPAA-covered entities (including medical and dental offices) and their business associates should take in response to a cyber-related security incident. Steps include:

  • Executing the entity’s response and mitigation procedures and contingency plans,such as immediately fixing any technical or other problems to stop the incident;
  • Reporting the crime to other law enforcement agencies,which may include state or local law enforcement, the Federal Bureau of Investigation (FBI), and/or the Secret Service;
  • Reporting all cyber-threat indicators to federal and information-sharing and analysis organizations (ISAOs), including the Department of Homeland Security and the HHS Assistant Secretary for Preparedness and Response (any reports should not include protected health information); and
  • Reporting the breach to the OCR as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals, and notifying affected individuals and the media unless a law enforcement official has requested a delay in the reporting.

Note: OCR considers all mitigation efforts taken by the entity during any particular breach investigation. Such efforts include the voluntary sharing of breach-related information with law enforcement agencies and other federal and analysis organizations.

Click here to read the entire cyber-attack checklist.

Please visit our HIPAA section for more on the law’s requirements.

In his career, Gregg has developed specialized expertise in “consumer-driven” and high deductible health plans with HSA and HRA strategies, and sold the first HSA plans issued in Virginia through Assurant Health. He is an expert in analyzing plan design data and has served as account executive for national accounts such as Coca-Cola Enterprises and Tenet HealthCare. Gregg utilizes a strategic approach to establish goals based on each client’s unique culture and competitive environment, and measuring results against jointly established criteria. Gregg Kennerly is a Principal at Advanced Benefit Strategies of Virginia, LLC.
Follow Gregg on Twitter
Connect with Gregg on Facebook
 
 

In the News

 

Fresh Ideas

 

Connect with Us