Question

You work for a clinical lab testing center, Gene-Reader. Genetic tests can result in a tremendous amount of data, and Gene-Reader hired a third party, Cloud Hosting Services (CHS), to store the data in the cloud. CHS notifies Gene-Reader that their data security infrastructure was breached. Genetic data, with identifying information about patients, was stolen. What should Gene-Reader do?

Writing assignments should be no more than two pages (double-spaced with 12 point font and one inch margins and excluding a bibliography)

Answer 1

Five steps health care organisations should take in response to data security breach are :-

1. Identify vulnerabilities - The first step is to identify the root of problem and isolate any security issues to stop the breach . It will involve a risk analysis to determine the nature and scope of security breach as well as its origin .

2. Seek professional legal and security counsel - Take advice from the legal and Security counsel on how to deal with such situations and also they will guide how to handle people affected by data leak and help prepare you for the potential of liability lawsuits. They will fix network issues and ensure all the systems are working securely.

3. Notifying appropriate parties - According to the HIPAA breach notification rule ,any breach of patient health information should adhere to a strict breach notification process. The organisation should inform the patients whose information has leaked and also the secretary of HHS. If the number of patients is more than 500,then media should also be informed . If any separate breach law is present in the state then it also has to be informed .

4.Address risk - after the discovery of breached patient data ,check for any further risks involved and do a thorough analysis to find the risk and should work to implement a safe network and protect it from future attacks .

5. Managing the consequences - violation of HIPAA results in costly fines . Depending on the circumstances imprisonment also may be there as a part of punishment for violating the rules .