Last week, at a gathering of privacy, security, compliance and legal professionals in New York hosted by AHA and ID Experts, Meredith Philips, the Chief Privacy Officer of Henry Ford Health Systems, spoke about the lessons her organization learned from responding to data breaches. She told the story of their first notifiable data breach and how they decided to handle it internally. As you can imagine, it did not turn out as they expected.
“In deciding to take this path, it took them almost the entire mandated 60-day period to meet their HHS/OCR notification requirements. Because of their organization’s culture, and the associated importance of patient care and safety, they used this experience as an opportunity to learn how to better prepare their organization to respond to data breach incidents in a more timely manner.”
But, like a good organization, they learned from their mistakes. Since that breach they have partnered with ID Experts, among other organizational and policy changes, to create a new program for data breach response. Doug Pollack was at the event in New York, and you can read his full write-up here.