Eight Tips to Polish Your Hospital's Patient Breach Response

However, if CEs still need to work on their policies, they should focus their energies on making sure staff members understand the process for and importance of prompt reporting.

"If your staff doesn't know who their privacy officer is, that's a problem," Simons says. "That's a good starting place. Make sure staff knows what a breach is and who to report it to. They should be encouraged to immediately report even the suspicion of an issue."

Document everything your organization does in response to a suspected breach, Simons adds. Conduct a risk analysis to expose your internal weaknesses. It could help you prevent a breach in the first place, which, after all, is the goal.

"What are your serious risks, and what are your minor risks?" Simons says. "How are you educating people, and are your policies and procedures in place? Get out there and do your rounds to see what's going on and see if you hear things."

This series contained excerpts from the HCPro, Inc., white paper, "HHS Breach Notification Interim Final Rule. Form Your Incident Response Team, Set Policies and Procedures to Comply with New Federal HIPAA Regulations."