HIPAA - Breach Notification

USA Health Insurance Portability and Accountability Act of 1996 (HIPAA) covers organizations that use, store, or process Private Health Information (PHI). The HIPAA Breach Notification Rule requires companies that deal with health information to disclose cybersecurity breaches; the disclosure will include notification to individuals, to the media, and the Secretary of Health and Human Services. This playbook is triggered by a HIPAA breach notification incident and follows through with the notification procedures.

DISCLAIMER: Please consult with your legal team before implementing this playbook.

** Source: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

  • GenerateInvestigationSummaryReport
  • SetGridField
  • Sleep

Commands

  • setIncident
  • extractIndicators
  • closeInvestigation
  • send-mail

Playbook Inputs


NameDescriptionDefault ValueRequired
ContactNameIn case of a breach, the contact details to send to the Secretary of HHS and the affected individuals.Optional
ContactEmailAddressIn case of a breach, the contact details to send to the Secretary of HHS and the affected individuals.Optional
ContactTelNumberIn case of a breach, the contact details to send to the Secretary of HHS and the affected individuals.Optional
CompanyNameIn case of a breach, the company details to display in the breach report.Optional
CompanyAddressIn case of a breach, the company details to display in the breach report.Optional
CompanyCityIn case of a breach, the company details to display in the breach report.Optional
CompanyCountryIn case of a breach, the company details to display in the breach report.Optional
AutoNotificationThis input determines if the resident notification should be done automatically or manually.

True - Automatically False - Manually. | False | Optional | | ResidentNotification_WhatCanTheyDo | An explanation to the individual's notification email of what can they do. | First, change your online login information, passwords, and security questions-and-answers. Second, if you used similar login information and passwords for different sites - change the login information, passwords, and security Q&A to them, too. Third, pay attention if you start receiving notices of password changes to your current accounts or find yourself locked out of your accounts. Fourth, Consider implementing two-factor-authentication to your account to reduce the risk of unauthorized access in your account. | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


HIPAA - Breach Notification