We take the security and data privacy of our clients very seriously. Below is our process for notifying all affected client organizations of a potential data breach.
- Identify the nature and extent of the PHI (protected health information) involved, including the types of identifiers.
- Identify the unauthorized access/account and disable it.
- (If PHI is involved) further identify the extent of the risk to the PHI has been mitigated.
- Depending on the severity of risk, web servers and databases may be disabled. 5. Notify the client organization affected.
- Notify the account users who may be affected by the breach.
- If breach requires notification to covered entities under HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, we will comply and submit the necessary documentation.