Incident Response Policy Draft

Verified

Added on 2020/03/04

AI Summary

The report outlines the necessity of an incident response policy for healthcare organizations, emphasizing compliance with HIPAA regulations. It details the roles of a multidisciplinary team, workflow processes, data management, documentation, and the dynamic nature of information security. The summary highlights the potential damage from data breaches and the importance of a well-framed policy to protect patient data and maintain organizational integrity.

Response Incident Policy 1
Student name-
Student ID-
Professor name-
Subject-
Date-

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Response Incident Policy 2
Contents
Introduction:...............................................................................................................................................3
Incident response policy-draft:....................................................................................................................3
Summary:....................................................................................................................................................4
References:..................................................................................................................................................6

Response Incident Policy 3
Introduction:
ABC organization- ABC international mission is to protect and develop the therapies that can
extend quality of life. As a global, diversified healthcare company, ABC hosts a unique sequence
in setting standards for healthcare information through its expertise (He & Johnson, 2017).
Incident response policy-draft:
An incident response policy is required for healthcare organization as to meet The Health
Insurance Portability and Accountability Act (HIPAA) security rule.
In an organization, following are the areas which define and evaluate our incident response
policy-
1)Multidisplinary team- In organization, for handling patient data, roles will defined to each
member which includes doctors, nurses, IT personnel, contractors, insurance agents, outside
vendors etc. They will be divided into different level of leadership i.e. senior leadership, clinical
expertise, frontline leadership. The leader possesses a great knowledge of team strategies,
training techniques. One member in each team will possess process improvement experience e.g.
performance trending technique, data collection and presentation skills (Mills, Helm & Courtney,
2016).
2)Workflow process- To each person knowledge will give on a daily basis for workflow
process. This is important because when a data breach occur, then it can interfere workflow
processes. By maintaining proper incident response policy, it can be avoided and it will make our
policy stronger. E.g process for inpatient, his admission process in hospital, diagnosing process,

Response Incident Policy 4
and his discharging process. This relevant information of different processes is stored in system
and kept safe.
3) Data- Proper data will be maintained by IT department. In incident response policy, hardware
and software components will define which capture and store our patient data. Data will
maintained by three process- first is data in motion which includes email or other electronic
interchange like fax, second is data at rest which includes file system, flash drives, memory or
other storage method, third is data disposed which includes recycled data or discarded paper
records.
4) Documentation- Organization incident policy will be documented so that different aspects of
workflow and its implication can be found and what if damage occurs which requirements will
be needed.
5) Powerful or Dynamic: Information changes and updated at immense speed, so if the policy
can match or get updated accordingly, it will automatically get upgraded and hence can be very
productive and helpful for the organization (Survila & Smalskys, 2017).
Summary:
Data breaches can damage trust and reputation of organization, so a good framed policy can
prevent such happenings which will meet the specification of our incident response policy.
Health care organization can be a target for hackers because they store patient data. With the
incident response policy and maintaining proper documentation it can be avoided so the theft of
information, personnel lose can be prevented or minimized (Feldman et al., 2012). Logical rules
and instruction in policy, implemented to our organization, can resolve problems or confusion
about handling queries or information under diverse conditions. If people know what steps to be

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Response Incident Policy 5
taken, there steps will be adequate to protect the organization vital information through critical
and right responses. While it’s nearly impossible to predict every attack, our policy can nullify or
neutralize the attack with framed policy. Our incident response policy will support to rectify the
incident whether it is serious or moderate. On having incident response policy, legal issues which
may occur during incident can be tackle easily compared to be having without framed policy.
The experience gained after incident response will minimize the future incident and will provide
better protection for data and systems with the help of incident response policy.

Response Incident Policy 6
References:
He, Y., & Johnson, C. (2017). Challenges of information security incident learning: an industrial
case study in a Chinese healthcare organization. Informatics For Health And Social Care,
1-16.
Mills, A., Helm, J., & Courtney, B. (2016). From Incident to Inpatient: How Healthcare
Coalitions Can Improve Incident Response. SSRN Electronic Journal.
Survila, A., & Smalskys, V. (2017). Incident Management Structure Modernization for Disaster
Response Phase Management. Public Policy And Administration, 16(1).
Feldman, D., Lévesque, J., Lemieux, V., Tourigny, A., Lavoie, J., & Tousignant, P. (2012).
Primary Healthcare Organization and Quality-of-Life Outcomes for Persons with Chronic
Disease. Healthcare Policy | Politiques De Santé, 7(3), 59-72.