Practice your response plan with a relevant simulation
Nothing achieves learning like doing. You can talk and type for days about your process, but in a simulation your team will learn how to assess, and to distribute the decision-making processes. Pick scenarios that are most likely to occur, but have lower impact, as well as those that are less likely, but have a big impact on your organization.

Revisit what worked and what didn’t in the simulation

Whether a simulation or an actual reportable incident, always regather the team to document what happened, what worked, what didn’t. What did you learn? Where was the vulnerability and what can you do differently? What dependencies did you find that you need to articulate and document in advance for the future? This process will also make evident if you would benefit by bringing in security experts to coach your team and inform your process.

In a serious security incident, every second matters. Every second will be affecting your ROI, your reputation, and potentially the lives of patients. Waiting until a security incident to plan for it will cost your organization unnecessary pain and lost revenue, and tragically, can cost patients as much as their life. Be prepared.


About the author: Chris Bowen is chief privacy and security officer and founder of ClearDATA. ClearDATA offers technology and services to assist organizations with their healthcare cloud computing and security needs. Chris is a Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Technologist (CIPT) from the International Association of Privacy Professionals; and Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP℠) from (ISC)2.

Back to HCB News

Health IT Homepage