If a breach of unsecured PHI occurs, how do I repair my reputation?
One of the more challenging assets to recover is your reputation as a trustworthy guardian of patient information and confidences. Once systems are restored, an independent security consultant or auditor should be retained to verify that your systems have been remediated against the vulnerability that permitted the loss to occur. The audit should evaluate whether "best practices" have been appropriately utilized. Documented evidence that you have affirmatively addressed past security problems is a key component in responding to concerns from patients, clinicians, business partners, regulators or accreditation bodies.
Resources - Mitigating Harm
- Key Steps for Organizations in Responding to Privacy Breaches. Written by the Canada Office of Privacy. Setting aside its references to Canada privacy laws, it provides common-sense guidelines on how to assess the severity of the breach and develop an appropriate response. Includes checklists for determining level of response and key activities.
Resources - Containing Exploits
- InfraGard is a partnership between the FBI and the private sector to share information and investigate cyber crimes. The website contains current information and links to organizations that investigate and respond to criminal activity.
- Department of Justice Cyber Crime is a website devoted to reporting recent events, technology, and investigations of cyber crimes.
Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.