HIPAA Draft Regulation References §142.308(a) (9) (Administrative Procedures)
(9) Security incident procedures (formal documented instructions for reporting security breaches) that include all of the following implementation features:
(i) Report procedures (documented formal mechanism employed to document security incidents).
(ii) Response procedures (documented formal rules or instructions for actions to be taken as a result of the receipt of a security incident report).
Section II: Requirement
The entity must have written procedures for reporting security breaches to ensure that security violations are handled promptly and appropriately.
Section III: Approaches/Solutions
1. Implement an incident reporting and response procedure and document it.
2. Train workforce members when, how, and to whom to report a security incident.
3. Document that workforce members have received training.
4. Train the Computer Incident Response Team (CIRT) to ensure that they understand their roles and responsibilities.
5. Ensure that the team is prepared to answer the question of whether to "fix" the system or to "preserve" the evidence for prosecution.
Section IV: Policy & Procedure
Information Security Incident Reporting and Response
Technology:
In the event of a breach, plans should be in place to ensure that all members of the workforce know their responsibilities.
Users/Roles:
- Management is responsible for ensuring that the CIRT has adequate resources to respond in a timely manner.
- System administrators are responsible for ensuring that members of the CIRT have all of the information in order to make informed decisions and manage the risk presented.
Section V: Web Sites of Interest
http://www.nitc.state.ne.us/standards/index.html
http://www.cert.org/csirts/Creating-A-CSIRT.html
http://www.cio.com/research/security/incident_response.pdf