THE FOLLOWING GUIDELINES ARE SAMPLE GUIDELINES FOR HANDLING AND RESPONDING TO A SECURITY INCIDENT. YOUR ORGANIZATION MAY ALREADY HAVE SIMILAR GUIDELINES IN PLACE, AND THEY SHOULD BE REVIEWED TO ENSURE THAT THEY ARE ADEQUATE.

  1. Identify and establish a multi-disciplinary, multi-departmental Security Incident Response Team to provide the organization with an organized and speedy response to security incident reports or other information suggestive of a security incident, and assign roles in accordance with these guidelines. Suggested members of the Security Incident Response Team may include information services staff, Privacy and Security Officers, risk manager, legal staff, medical records staff, and human resources staff.
  2. Maintain a log of security incidents and the response thereto.
  3. Notify appropriate data users of the incident, including, as appropriate, local managers, staff who may need to change passwords, staff who should log off the system, staff who may need to immediately back up data, etc. Also notify any outside incident reporting service, if applicable. Provide clear instructions regarding any steps those notified must take in response to the security incident.
  4. Collect evidence of and investigate the security incident. Determine what systems or data have been compromised, if any; determine avenues of entry; determine whether any electronic protected health information has been inappropriately accessed, damaged, or modified.
  5. Control and repair. Isolate the involved systems or data, clean up the system, and restore from backups.
  6. Involve human resources and law enforcement if employee discipline is required or criminal activity is suspected.
  7. Contact legal counsel if the security incident involves electronic protected health information that may have been inappropriately disclosed or compromised.
  8. Prepare a report describing the sequence of events, how the security incident was discovered, and the procedure for correcting the problem.
  9. Institute monitoring to ensure that the particular security incident does not recur.