The Spring 2014 issue of Children's Hospitals Today, published by the Children's Hospital Association, features an article by BakerHostetler partner Lynn Sessions on preparing and responding to healthcare data breaches. In the article, "Breached: 10 Ways to Prepare and Respond," Sessions discusses potential consequences of failing to adequately respond to a data breach, including "regulatory penalties, fines, legal expenses, litigation, and reputational damage." She notes that "children's hospitals can mitigate the consequences of a breach if they invest the time, energy, and resources needed to implement a response program" and offers ten ways a hospital can prepare for or respond to a data breach in a discussion on the following:
- An incident reporting process
- A culture of HIPAA compliance
- Engaged leaders
- Outside privacy counsel
- A response plan and team
- External forensics
- Applicable state laws
- Relationships with vendors
- Investigation and risk assessment
- Cyber liability insurance
The article includes a checklist of items hospitals can review on a quarterly basis to keep their breach response plan current.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.