Policy Security #0006 - Security Incident Procedures

East Carolina University
HIPAA Security Policies
Subject: Security Incident Procedures
Policy #: Security-0006
Supersedes:
Effective Date: April 21, 2005
Coverage: ECU Health Care Components
Page: 1 of 2
Approved:
Revised: December 9, 2010, March 29, 2012, May 30, 2013
Review Date: May 30, 2013
HIPAA Security Rule Language: “Implement policies and procedures to address security incidents.”
Regulatory Reference: 45 CFR 164.308(a)(6)(i)
I. PURPOSE
This policy reflects East Carolina University’s commitment to implement policies and
procedures for detecting and responding to security incidents.
II. AUTHORIZATION AND ENFORCEMENT
Health Care component management and/or administrator(s) are responsible for
monitoring and enforcing this policy, in consultation with the ECU IT Security Officer,
ECU HIPAA Security Officer, and ECU HIPAA Privacy Officer.
III. POLICY
ECU Health Care Components must have a formal, documented process for quickly and
effectively detecting and responding to security incidents that may impact the
confidentiality, integrity, or availability of the University’s information systems.
All ECU Health Care Components’ actions to respond to and recover from security
incidents must be carefully and formally controlled. At a minimum, formal procedures
must ensure that all actions taken are intended to minimize the damage of a security
incident and prevent further damage, all actions taken are carefully documented, and all
actions taken are reported to appropriate management and reviewed in a timely manner.
All ECU workforce members must report any observed or suspected security incidents as
quickly as possible via the University’s security incident reporting procedure.
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only. All other rights reserved
Page 1 of 2
IV. APPLICABILITY
This policy is applicable to all workforce members who are responsible for or otherwise
administer a healthcare computing system. A healthcare computing system is defined as
a device or group of devices that store EPHI which is shared across the network and
accessed by healthcare workers.
V. PROCEDURE
The following safeguards must be implemented to satisfy the requirements of this policy:
1. ECU Health Care Components must have a formal, documented process for quickly
and effectively detecting and responding to security incidents, as specified in the
Response and Reporting Standard.
VI. DEFINITION
A security incident is defined as any event that creates a risk to the confidentiality,
integrity, or availability of EPHI.
VII. COORDINATING INSTRUCTIONS
1. All section policies, standards and procedures will be reviewed annually. Every
section policy, standard and procedure revision/replacement will be maintained for a
minimum of six years from the date of its creation or when it was last in effect,
whichever is later. Other East Carolina University, University of North Carolina
system, or state of North Carolina requirements may stipulate a longer retention.