HIPAA poem

Once a breach has been discovered and defined

Here are steps you should take to help to ease your mind.

The breach must now be "logged" just right

If you want to sleep at night.

It's not really all that complicated

It requires a list that's signed and dated.

First, how many were affected?

Then where was the breach detected?

Business Associates were involved?

If not, half of the problem's solved

Date of breach and when you knew.

Type of breach, location too.

Type of PHI exposed

Firewall good? Browsers closed?

Tell exactly how and when

Was required notice sent to them?

(those whose PHI was lost)

Your actions taken and the cost.

Mitigation steps complete?

Documented nice and neat?

Keep a history that's precise.

And now you're done. Isn't that nice?

Michael Smith, Client Success Manager