No, not another article listing data breach to-dos and to-don'ts... Instead, this article focuses on the framework, or set of best practices, in which to place these details.
Most healthcare providers have their patients' well-being at heart, and it's this attitude of caring that can help an organization achieve compliance almost automatically. With the following serving as a foundation, you can help your organization demonstrate that goodwill in tangible, effective ways. Click here to read the full article in part three of the four-part series on Government Healthcare IT.
- Take a PHI/PII inventory. Outsourcing this to the experts is actually much less expensive than it sounds.
- Develop an Incident Response Plan. We discussed IRPs in the first two articles in this series ("3 Tips for surviving an OCR breach investigation" and "9 steps to take during an OCR data breach investigation"). An IRP is an effective, cost-efficient means for helping organizations capture the essence of what is most important.
- Meet patients' real needs. That's an obvious one, or is it? It's a costly one, for sure.
- Look at data breaches as an opportunity. Believe it or not, data breaches have an upside.
Every data breach is different, but the determination to do the right thing in the face of a data breach should never waver. Taking a PHI inventory, establishing an Incident Response Plan, meeting patients' real needs, and looking for the positive aspects of a data breach can all reflect your culture of commitment and caring. And that's the best practice of all.