Tip: For the second Written Assignment, Write a Security Incident Response Plan, this is just a reminder that you should write this plan on your own, in your own words, and not submit something that has been written by someone else, or the grade will be an automatic 0. I say this because there are some Security Incident Response Plans to be found on the internet, and it is not appropriate to turn these in as your own work for this assignment. Also, it is important to know that this must be a plan regarding a theft of more than 1000 patients’ information. Your plan should specifically address what to do if this happens. This is to be a specific plan addressing only that type of incident!

HIPAA regulations mandate that each covered entity maintain a set of security incident procedures in order to formalize how it will respond in the event of security incidents.  What this means is that a healthcare organization will think of possible security events that might take place, and put together a plan of how they will handle each of these events if they occur, so that they are prepared.  These are called Incident Response Plans.


You are the new HIPAA Security Officer for a hospital, and you have found that there is no Incident Response Plan in place for the event of Major Electronic Theft of Protected Health Information (affecting more than 1000 patients) from your hospital. Draft the Incident Response Plan that will be used at your hospital in the event of a major electronic theft of protected healthcare information (affecting more than 1000 patients). Note that this would be regarding theft, not accidental disclosure.

  • In your plan, include the roles and responsibilities of staff members in the context of the incident.  Who will you include in your plan?  What staff roles will have tasks to carry out in this event?
  • Describe the ‘identification phase’ which is necessary for the staff to report that an incident has occurred.
  • Provide steps to be taken in response to the incident.
  • You may want to do some internet research regarding HIPAA Security Incident Response Plans to help with this assignment.  Be sure to cite your references.

Your paper should meet the following criteria:

  • 2-3 pages in length, double-spaced.
  • Free of spelling, grammar, and punctuation errors.
  • APA format with In-text criterion.

