How to React to a Security Incident

Checklist and incident form provide guidance for security breaches

CHICAGO, January 14, 2008—Theft or loss of electronic personal health information (PHI) may occur even with the most sophisticated security measures in place. Therefore, healthcare organizations should be prepared to respond to security breaches with a well thought-out plan, according to an article in the January issue of the Journal of AHIMA.

The article outlines processes that can be used to react to a security incident: principles of HIM, quality improvement, risk management, and customer service (notification). A data breach investigation and mitigation checklist details the necessary steps for responding to theft, loss, or unplanned destruction of an electronic PHI.

Additionally, the Journal article includes a sample security incident response report form, intended for use in tandem with the checklist, which can serve as the primary investigative document.

Also explained is the need for healthcare organizations to have a media communication plan to effectively respond to reporters when there has been a security breach.

Read the complete article and get the checklist and incident report form in the January issue of the Journal of AHIMA or online at www.ahima.org.