The U.S. Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) recently issued a Quick-Response Checklist, explaining the steps for a HIPAA-covered entity or its business associate to take in response to a cyber-related security incident. The Checklist includes:
-
Executing a response, mitigation procedures and contingency plans;
-
Reporting the incident to the appropriate law enforcement agencies and information-sharing and analysis organizations (“ISAO”); and
-
Reporting any breach to the OCR and affected individuals.
The Quick-Response Checklist reminds covered entities and business associates that the OCR considers all mitigation efforts during a breach investigation. Although the response to a cyber-related security incident will depend on the event at hand, all covered entities and business associates should develop a cyber-security response team and plan to immediately address potential security incidents.
© Copyright 2025 Armstrong Teasdale LLP. All rights reserved