Breach Notification Framework

HSG-HIPAA-Breach-Notification-Framework Subscription Download 

Why do you need a Breach Notification Framework? Look at the Decision Points Flowchart for the answer to that question.


Expresso's Breach Notification Wizard has now captured and automated these Decision Points!

Section 13402 of the HITECH Act requires that HIPAA covered entities and their business associates provide various notifications following a breach of unsecured protected health information. Our Breach Notification Framework offers guidance for complying with HITECH’s Breach Notification requirements. With the Framework, you’ll be able to determine when, how and to whom breach notices must be sent and whether your existing plan needs a major overhaul or just a simple adjustment.

Would you know how to respond if a security incident occurred within your organization?

Surprisingly, not all security incidents trigger HITECH’s Breach Notification requirements. To determine when Breach Notification is triggered, the following three questions need to be answered:

  1. Was there an impermissible use or disclosure of unsecured PHI?
  2. Does an exception to HITECH’s Breach Notification Rule apply?
  3. Is there a low probability that the PHI in question was compromised?

If you reach Step three then the law presumes a breach. Our Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process.

Why do you need a Breach Notification Framework right now?

HITECH’s time-frame for providing breach notification is short. It is critical for organizations to have an action plan in place before a breach occurs. The processes and tools in our Framework arm your organization with the information it needs to become rapid response ready. In this case, the best defense is absolutely a good offense.

Why you should buy our Breach Notification Framework?

A PROCESS in a "BOX" – Covered entities and business associates need a repeatable, analytically sound, and consistent process by which notification decisions can be made. Our Framework provides a step-by-step methodology, including flowcharts, tools and templates that can be used to implement Breach Notification policy and procedures.

KNOW your NOTIFICATIONS – Our Framework's guidelines will help you provide necessary breach notification within the specified time frame, as required by HITECH. It will also help you determine when Breach Notification events are actually triggered.

SAMPLE DOCUMENTS - The framework includes model notification documents in an easily customizable format.

CUSTOMIZABLE – Even though our Breach Notification Framework was developed to be an “out of the box” solution for covered entities and business associates, we recognize that organizations have unique requirements and that processes evolve over time. Our Framework includes editable versions of documents that can be customized to meet your organization’s specific needs.

UNDERSTAND your OBLIGATIONS - Sooner or later, due to changes in the law, additional rulemaking by government agencies, or decisions by Federal Courts, unanticipated questions will arise. Our Framework helps you better understand the statutory/regulatory authority by providing context-sensitive links to the relevant legal text.