HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



How to investigate a suspected breach

Email This Post Print This Post

Every healthcare organization should develop and implement a policy and a well-defined process that provides guidance for managing incident and breach response.

Privacy officers who receive information via telephone can reasonably defer an immediate response by calmly assuring callers that they will review the situation and provide a prompt response.

Paper or electronic investigation forms with prompts and data fields facilitate gathering the relevant information (i.e., who, what, when, where, and why) about the incident, along with the reporting individual’s objective and subjective observations. Permitting workforce members to complete and submit such forms or making them available during the initial contact facilitates gathering more complete information about the breach.

Healthcare organizations should include a confidentiality notice on all forms that they develop and use to document information pertaining to a breach of patient information.

This post is adapted from the book The Privacy Officer’s Breach Response Toolkit, by Nancy A. Davis, MS, RHIA, CHPS, director of privacy and security officer at Ministry Health Care in Milwaukee. Learn more about the book, published by HCPro, Inc.


  1. Preston says:

    Breaches should be virtually impossible if the system is suecure. mobile Hippa Texting apps such as qliqsoft.com and tigertext have helped to develop systems where breaches would never take down a system!

  2. WHAT is the problem with your site that allowed the extremely long comment above to be presented as it is and then to be repeated??

  3. Jaclyn Fitzgerald says:

    Hi, Joe. Unfortunately, it looks like the SPAM filter didn’t catch those comments before they were posted. The comments have been removed.

Leave a Reply