Scenario
Things have been going fine, but you feel that is about to change. Maybe you think a data breach has occurred, but you’re not certain. Perhaps you sense that a lawsuit or audit is imminent. In other words, you’re about to “hit the wall” and you want to do what you can to minimize the damage. At this point, you are hoping that your data security and HIPAA compliance efforts are adequate.
Mode of Operation
You’re in pre-crisis mode. There is not enough time to start from the beginning with your data risk management program. You need to focus your efforts on measures that will deliver the highest degree of mitigation in the shortest amount of time. The accelerated pace will cost you time and money in the short term, but it will pay dividends in the long term. Chances are, you would incur these costs and more anyway after hitting the wall. Some of the investments should have been made long before getting to this point. Lastly, with diligence and a bit of luck, you may be able to avoid hitting the wall altogether.
Plan of Action
- Assess the situation so you have a better idea of what you face.
- If you think you may have had a data breach, have IT and/or computer forensics specialists begin an investigation.
- If you haven’t done a HIPAA Security Risk Analysis, and you have time, get this done quickly.
- If you don’t have a recent full backup of your data, create one now.
- Assemble your disaster recovery team and review your plan. If you don’t have either of these, pull them together quickly.
- Gather your data security and HIPAA compliance documentation.
- If you think you may have a breach of PHI, review the Breach Notification Rules.