Does your practice have an incident response plan for when a technology device is lost or stolen? If you don’t, you should. As technology rapidly progresses, individuals frequently transport information on portable storage devices, such as smartphones, laptops, thumb drives, and external hard drives. A lost or stolen unencrypted device could have devastating consequences if it contains protected health information (“PHI”).
Having an incident response plan in place is crucial. “Having even a simple incident response plan in place that focuses on rapid identification and a coordinated response gives healthcare organizations important advantages in the fight against cyber crime. First, a plan allows IT to greatly reduce the time between the discovery of a possible exposure and the identification of any data that was compromised. Reduced response time can keep the data loss to a minimum and assists the organization in providing mandatory notification within the time frame allowed. In addition, a formal process gives IT the ability to quickly limit unauthorized access to the network and sensitive data, thus limiting the amount of information that may be exposed.” Article.
It is imperative that you and your practice be proactive in planning for the worst-case scenario when it comes to PHI. As the old saying goes, “An ounce of prevention is worth a pound of cure.”
How do you analyze technology to stay compliant with the HITECH Act and Final Rule and avoid breaches? Share your ideas with us. We’d love to hear from you.