July 31, 2015

Episode 12: Breach Response Plans

Listen Later

26 minutes

Description

A Breach Response plan is a required element of your compliance program since HITECH became effective. Everyone must have a written plan and know what needs to be done.

Glossary

NIST National Institute of Standards and Technology

Links

NIST SP 800-61 Revision 2 - Computer Security Incident Handling Guide

APDerm Resolution Agreement See item 2(2)

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Notes

Establishing an incident response capability should include the following actions:

Creating an incident response policy and plan

Written required - already had an OCR resolution that mentioned not having one (APDerm - $150,000)

Developing procedures for performing incident handling and reporting

Who is your "go to" team for forensics

Setting guidelines for communicating with outside parties regarding incidents

PR will be critical for reputation managment

Selecting a team structure and staffing model

Someone has to be in charge of the whole thing and then others in charge of the parts.

Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)

Bigger organizations need to know who is responsible for talking with each department.

Determining what services the incident response team should provide

How far is the team going through the process? Will they pass off follow up or will they do all the activity required from beginning to end. Again, large organizations need to worry about this.

Staffing and training the incident response team

Make a written list and have the team meet regularly to review how to respond to any incident that may come up in the organization.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Help Me With HIPAA

By Donna Grindle and David Sims

4.9

6161 ratings

July 31, 2015

Episode 12: Breach Response Plans

Listen Later

26 minutes

Description

A Breach Response plan is a required element of your compliance program since HITECH became effective. Everyone must have a written plan and know what needs to be done.

Glossary

NIST National Institute of Standards and Technology

Links

NIST SP 800-61 Revision 2 - Computer Security Incident Handling Guide

APDerm Resolution Agreement See item 2(2)

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Notes

Establishing an incident response capability should include the following actions:

Creating an incident response policy and plan

Written required - already had an OCR resolution that mentioned not having one (APDerm - $150,000)

Developing procedures for performing incident handling and reporting

Who is your "go to" team for forensics

Setting guidelines for communicating with outside parties regarding incidents

PR will be critical for reputation managment

Selecting a team structure and staffing model

Someone has to be in charge of the whole thing and then others in charge of the parts.

Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)

Bigger organizations need to know who is responsible for talking with each department.

Determining what services the incident response team should provide

How far is the team going through the process? Will they pass off follow up or will they do all the activity required from beginning to end. Again, large organizations need to worry about this.

Staffing and training the incident response team

Make a written list and have the team meet regularly to review how to respond to any incident that may come up in the organization.

...more

More shows like Help Me With HIPAA

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,014 Listeners

The Ramsey Show by Ramsey Network

The Ramsey Show

38,704 Listeners

Wait Wait... Don't Tell Me! by NPR

Wait Wait... Don't Tell Me!

38,649 Listeners

Radiolab by WNYC Studios

Radiolab

43,909 Listeners

The Joe Rogan Experience by Joe Rogan

The Joe Rogan Experience

225,807 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,006 Listeners

Juicy Scoop with Heather McDonald by Heather McDonald & Studio71

Juicy Scoop with Heather McDonald

25,558 Listeners

The Jordan B. Peterson Podcast by Dr. Jordan B. Peterson

The Jordan B. Peterson Podcast

34,045 Listeners

This Past Weekend w/ Theo Von by Theo Von

This Past Weekend w/ Theo Von

27,214 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,871 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

All-In with Chamath, Jason, Sacks & Friedberg

9,095 Listeners

The MeidasTouch Podcast by MeidasTouch Network

The MeidasTouch Podcast

44,368 Listeners

SmartLess by Jason Bateman, Sean Hayes, Will Arnett

SmartLess

57,908 Listeners

The Dr. John Delony Show by Ramsey Network

The Dr. John Delony Show

7,093 Listeners