Assignment
Write A Security Incident Response Plan
HIPAA regulations mandate that each covered entity maintain a set of security incident procedures in order to formalize how it will respond in the event of security incidents. What this means is that a healthcare organization will think of possible security events that might take place, and put together a plan of how they will handle each of these events if they occur, so that they are prepared. These are called Incident Response Plans.
Requirements:
You are the new HIPAA Security Officer for a hospital and you found that there is no Incident Response Plan put together for the event of Major Electronic Theft of Protected Health Information (affecting More than 1000 patients) from your hospital. Draft the Incident Response Plan that will be used at your hospital in the event of a major electronic theft of protected healthcare information (affecting more than 1000 patients). Note that this would be regarding theft, not accidental disclosure.
• In your plan, include the roles and responsibilities of staff members in the context of the incident. Who will you include in your plan? What staff roles will have tasks to carry out in this event?
• Describe the 'identification phase' which is necessary for the staff to report that an incident has occurred.
• Provide steps to be taken in response to the incident.
• You may want to do some internet research regarding HIPAA Security Incident Response Plans to help with this assignment. Be sure to cite your references.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.