If you have experienced a breach or a security incident, ecfirst can immediately assist in completing a thorough investigation and documenting all findings. Detailed documentation is required to address compliance mandates for the HIPAA Security Rule and HITECH Breach Notification.
Based on the results of the findings, ecfirst can further assist to complete federal state breach notification forms to ensure your organization meets required timelines and
ecfirst will specifically support the engagement with specialized compliance and security resources such as:
- A project manager with expertise in information security; and
- A technical professional with extensive security experience, to enable your organization to address incident and breach mandates for federal and state regulations (e.g. HIPAA, HITECH, or State regulations).
The scope of work includes the following areas for which ecfirst can provide expert security resources, on-site or off-site, as mutually determined, to address breach notification and incident response requirements. The list below represents a possible example set of tasks and activities that ecfirst security personnel may be assigned to and assist with. A formal list will be established at the start of each quarter and may be adjusted as mutually determined by both organizations. Additionally, both organizations will mutually determine what activities are required to be completed on-site and what tasks may be executed off-site. Accomplishing some tasks off-site will enable your organization to reduce the expense of the engagement.
Timelines, reporting structure and frequency are to be mutually determined. A sampling of possible tasks and activities includes:
- Interview key individuals across the enterprise to clearly establish timelines associated with the breach
- Analyze the incident information to establish assets that may have been impacted by the incident
- Develop documentation to detail information about the breach or security incident
- Review and update incident- and breach-related policies to identify areas for improvement
- Any other compliance-related assignments that your organization and ecfirst agree are a priority and fall within ecfirst’s expertise
- Completion of federal and/or State breach notification forms
- Documentation of recommendations to enhance processes and capabilities to minimize such incidents in the future
- Other tasks as mutually determined.
Your organization would be responsible for the following:
- Assign a primary and backup Point of Contact (POC) to work with ecfirst
- Provide requested documentation to ecfirst, and in electronic format whenever possible
- Respond to communications and requests from ecfirst in a timely manner
- Perform review and provide feedback on ecfirst deliverables in a timely manner
- Provide VPN connectivity for the Security Engineer for the duration of the project.
|On-Demand Incident Rapid Response|
|Format for On-Demand Incident Rapid Response|
|Language for On-Demand Incident Rapid Response|English|