If you are stricken, terrified, and think you have a BREACH

Here's a little guideline. Just keep it within reach

Wherever information went, WAS IT PHI?

If it was, you have a BREACH, but do not start to cry.

Here's a second question, WAS IT UNSECURED?

This could be a problem but it can be cured.

And now can you determine if the DISCLOSURE WAS UNLAWFUL?

Even if that was the case it might not be so awful.

Asking these three questions is where you ought to start

You now have a "suspected breach" but you should still take heart.

Because the next thing you must do is easy and quite clear

Log it in the BREACH LOG! This should take away your fear.

There's more to do to mitigate the breach that is suspected

Just a little follow up to make sure you've corrected

The conditions or the actions or the systems that are weak.

Next month we'll write another poem to tell you what to tweak.

By M. Smith

HCP Client Success Manager