FAQ: What Is A Table-Top Privacy Breach Fire Drill?

Описание: #PracticeManagementNuggets #privacybreach #healthcare
What Is A Table-Top Privacy Breach Fire Drill?

Table-top privacy breach fire drills are a cost-effective way to prepare for a privacy and security incident in your healthcare organization. You should have a written privacy breach incident response plan in your healthcare practice. Have you practiced your response plan lately?

A table-top privacy breach fire drill allows your incident response team to rehearse their skills in a controlled exercise.

Do you remember your school days when every month or two you had a fire drill? The fire alarm would go off and everybody would go out the doors and very calmly go down the stairs and out the doors and into their muster point.

We take the same approach with privacy breach fire drills. Fires can happen at different times, places, and for different reasons. Whey you change the scenario, you develop alternate strategies or playbooks to best respond to the fire.

A privacy breach incident playbook contains all the actionable steps to take when a privacy beach incident occurs. Your playbook will have many ‘plays’ or actions to take when different types of privacy breach incidents occur. You could also think of it as a recipe book. You have many types of recipes to select from. Identify the ingredients that you have on hand (or the characteristics of the latest privacy incident) and select the most appropriate recipe to resolve the incident.

Picture this. You call a meeting of your incident response team. This may include your privacy officer, computer network support or managed services provider lead, physician, dentist, or other healthcare lead, your media spokesperson, and clinic manager. The privacy officer distributes a privacy breach incident scenario summarized on one page.

The team members read the scenario and then discuss what steps that they would take to respond to the privacy breach incident.

Using the 4 Step Response Plan [LINK https://informationmanagers.ca/4-step] as your playbook guideline, the incident response team note-keeper documents the hypothetical steps that the team takes to respond to the breach. Record the decisions, the resources, and the questions that you explore in this scenario.

Show Notes
Recorded: February 23, 2021
00:38 Introduction Jean L. Eaton
00:45 Find an example.
Saskatchewan IPC finds ransomware attack results in one of the largest privacy breaches in this province involving citizens’ most sensitive data. January 8, 2021 - Ron Kruzeniski, Information and Privacy Commissioner. https://oipc.sk.ca/saskatchewan-ipc-f...
04:15 4 Step Response Plan
05:20 Step 1 Contain the Breach
05:50 Step 2 Evaluate the Risks
06:54 Step 3 Notify
07:19 Step 4 Prevent The Breach From Happening Again
https://informationmanagers.ca/4-step

Brought to you by your Practical Privacy Coach and Practice Management Mentor Get the article here: https://informationmanagers.ca/privac...