Osteopathic Family Medicine, LLC
Home
Winter 2024/2025 Newsletter
Telehealth
Conditions Treated by Telehealth Visits
Start A Telehealth Visit!
Patient Resources
Prepare for your visit
Patient Portal For Messaging and Records
UPDOX Patient Portal Instructions
Trusted Web Resources
Community Resources
Vaccine Policy Statement
Online Bill Payment
About
About
Meet our Providers
Services Offered
Contact us, Practice Location, Google reviews
NCQA/PCMH Certification
Chronic Care Management
Insurances Accepted
Payment Policies
Privacy Practices
Our Healthgrades.com Reviews
Empower Yourself: Break the Migraine Cycle with Botox Therapy
Osteopathic Family Medicine, LLC
Home
Winter 2024/2025 Newsletter
Telehealth
Conditions Treated by Telehealth Visits
Start A Telehealth Visit!
Patient Resources
Prepare for your visit
Patient Portal For Messaging and Records
UPDOX Patient Portal Instructions
Trusted Web Resources
Community Resources
Vaccine Policy Statement
Online Bill Payment
About
About
Meet our Providers
Services Offered
Contact us, Practice Location, Google reviews
NCQA/PCMH Certification
Chronic Care Management
Insurances Accepted
Payment Policies
Privacy Practices
Our Healthgrades.com Reviews
Empower Yourself: Break the Migraine Cycle with Botox Therapy
Home
OFM Communications
Incident response to security breaches involving PHI
Incident response to security breaches involving PHI
Incident Response Procedure for Security Breaches Involving ePHI
Osteopathic Family Medicine, LLC
Key Points for Employees
Purpose
Ensure compliance with HIPAA in the event of a security breach involving electronic Protected Health Information (ePHI).
Provide clear roles, responsibilities, and actions for all staff.
Roles and Responsibilities
Dr. Aaron Way: Primary Lead for coordinating responses, external communication, and ensuring compliance.
Jessica Lindberg (Office Manager): Manages incident documentation, staff coordination, and follow-up.
All Staff (Midlevel Providers, Medical Assistants, Front Desk Staff):
Report incidents immediately.
Follow response instructions.
Key Steps in Incident Response
1. Preparation
System Details:
EMR: Amazing Charts.
Nightly on-site and off-site backups.
Secured server location.
Training:
Complete HIPAA Secure Now training.
2. Detection and Identification
Monitoring:
Regularly review access logs and server activity for suspicious patterns.
Reporting:
Report suspicious activity to Jessica Lindberg or Dr. Aaron Way immediately.
Initial Assessment:
Dr. Way confirms if the event is a security breach involving ePHI.
3. Response and Containment
Immediate Actions:
Disconnect affected systems.
Secure server physically.
Ensure off-site backups remain unaffected.
Documentation:
Jessica Lindberg records breach details and risks.
4. Assessment and Mitigation
Investigation:
Identify the root cause using forensic tools and Amazing Charts' support.
Mitigation:
Restore systems using secure backups.
Address vulnerabilities (e.g., software updates, access controls).
Assess Impact:
Determine scope and type of data affected.
5. Breach Notification
Timing: Notify affected parties, HHS, and media (if applicable) within 60 days.
Individual Notification: Send written details to affected patients, outlining breach and protective steps.
HHS Notification:
<500 individuals: Annual report to HHS.
≥500 individuals: Immediate report via HHS portal.
Media Notification: For breaches affecting ≥500 individuals, notify local media.
6. Recovery
System Restoration: Validate and secure restored systems before resuming use.
Enhanced Security:
Implement stronger passwords, access controls, or encryption.
Provide additional HIPAA training.
Documentation: Jessica Lindberg compiles a full incident report.
7. Post-Incident Review
Evaluation: Dr. Way leads a review of the response to identify areas for improvement.
Policy Updates: Revise protocols based on lessons learned.
Compliance: Ensure documentation meets HIPAA standards (maintain for six years).
Responsibilities of All Staff
Complete HIPAA Secure Now training annually.
Report suspicious activity immediately to Jessica Lindberg or Dr. Aaron Way.
Follow security policies for handling ePHI.
Summary for Compliance and Protection
This procedure ensures:
Confidentiality, integrity, and availability of patient data.
Compliance with HIPAA standards.
A structured response to minimize risks and enhance security.
{"follow":"Follow","edit":"Edit","reply":"Reply","suggestedTopics":"Suggested Topics"}
401-284-4555
55 Cherry Lane, Wakefield, South Kingstown, RI 02879, USA