Class: Electronic Data Security
Assignment: Write a Security Incident Response Plan
Tip: For the second Written Assignment, Write a Security Incident Response Plan, this is just a reminder that you should write this plan on your own, in your own words, and not submit something that has been written by someone else, or the grade will be an automatic 0. I say this because there are some Security Incident Response Plans to be found on the internet, and it is not appropriate to turn these in as your own work for this assignment. Also, note that this must be a plan regarding a theft of more than 1000 patients' information. Your plan should specifically address what to do if this happens. This is to be a specific plan addressing only that type of incident!
HIPAA regulations mandate that each covered entity maintain a set of security incident procedures in order to formalize how it will respond in the event of security incidents. What this means is that a healthcare organization will think of possible security events that might take place, and put together a plan of how they will handle each of these events if they occur, so that they are prepared. These are called Incident Response Plans.
Requirements:
You are the new HIPAA Security Officer for a hospital and you found that there is no Incident Response Plan put together for the event of Major Electronic Theft of Protected Health Information (affecting More than 1000 patients) from your hospital. Draft the Incident Response Plan that will be used at your hospital in the event of a major electronic theft of protected healthcare information (affecting more than 1000 patients). Note that this would be regarding theft, not accidental disclosure.
In your plan, include the roles and responsibilities of staff members in the context of the incident. Who will you include in your plan? What staff roles will have tasks to carry out in this event?
Describe the 'identification phase' which is necessary for the staff to report that an incident has occurred.
Provide steps to be taken in response to the incident.
You may want to do some internet research regarding HIPAA Security Incident Response Plans to help with this assignment. Be sure to cite your references.
Your paper should include the following criteria:
2-3 pages in length, double-spaced.
Free of spelling, grammar, and punctuation errors.
APA format with in-text citations.
Submit your completed assignment by following the directions linked below. Please check the Course Calendar for specific due dates.
Save your assignment as a Microsoft Word document.
Rubric:
| Criteria | Points |
| --- | --- |
| Included the roles and responsibilities of staff members in the context of the incident. | 10 |
| Described the 'identification phase' which is necessary for the staff to report that an incident has occurred. | 10 |
| Provided steps to be taken in response to the incident. Remember the specific HIPAA steps that need to be taken because more than 1000 patients' information was stolen! | 10 |
| Free of spelling, grammar, and punctuation errors; APA format with in-text citations | |
| Total | 35 |
Lesson Content:
Here is a website that includes some Privacy and Security Training Games that will give you some ideas on what is covered in HIPAA privacy and security:
https://www.healthit.gov/providers-professionals/privacy-security-training-games
IT Security Policy in Healthcare
HIPAA Requirements
To highlight the need for administrative approval, consider the following specific requirements of HIPAA:
The organization must be certified as compliant by a third party.
The organization must document its 'Chain of Trust' agreements regarding entities with whom it shares protected health information.
All information systems must be protected by a thoroughly documented contingency plan.
The organization must maintain a formal method of in-house auditing of its business processes in relation to HIPAA regulations.
The organization's personnel must be managed using a formal security clearance process.
Staff terminations must be managed using carefully planned procedures to ensure protected data is not compromised by exiting staff members.
Employees must participate in a formal, ongoing security training program.
Many other regulations exist within HIPAA regulations as well.
Combined with the internal business processes unique to an organization, the weight of so many HIPAA-mandated policies implies that drafting and maintaining IT security policies is not the work of an individual. Security policies prevent disaster and establish guidelines for handling unwanted behaviors, and if managed by an attentive group with the ongoing best interests of the organization in mind, they can be a terrific means of improving the overall quality of care in a healthcare organization.