Platform X - Incident Response Procedure

This is the Platform X Incident Response Procedure
  1. Purpose
    1. The purpose of this document is to provide a procedure to Platform X administrators for security incident response.
  2. Definitions
    1. Electronic Protected Health Information (ePHI): Any individually identifiable health information protected by HIPAA that is transmitted or stored in electronic media.
    2. Cybersecurity Event: an occurrence captured in some logging mechanism or observed by an individual which suggests the potential for unauthorized access to ePHI or other restricted data to the extent that additional investigation need be conducted promptly.
    3. Incident:  an event has been verified to have occurred involving PHI or other restricted data which has been reviewed and does not appear to be authorized.
  3. Procedures
    1. Reporting of a security event (potential incident)
      1. Report to your manager and the CHI2 Platform X Platform owner or Security staff.
      2. If neither are available,
        1. report to UW-Madison Campus Cybersecurity, the HIPAA Security Officer or the HIPAA Privacy Officer using the "Report a HIPAA Incident" on https://compliance.wisc.edu/hipaa/
        2. And also send an email or voice mail to your manger and the CHI2 Platform X Platform owner or Security staff.
    2. Investigation of a security event
      1. Upon notification of a security event, the manager will ensure that the the CHI2 Platform X Platform owner or Security staff has been notified and is conducting an investigation
      2. The CHI2 Platform X Platform owner or Security staff will notify the CHI2 Data Security Officer of the initiation of the triage / initial investigation.
      3. Event investigation can use the campus Incident Reporting and Response Procedures Template or similar tool for documentation. The event investigation and a copy of the corresponding documentation must be tracked in the Platform X ticketing system. (Template - https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-template)
    3. Determination and next steps
      1. The Data Security Officer, in conjunction with the Platform X system owner will determine if the event can clearly be ruled out as zero potential for breach (unauthorized exposure) of ePHI. The Incident Reporting and Response flow will be followed: https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-flowchart
      2. They will document their analysis in the incident ticket and notify the Chief Biomedical Informatics Officer and SMPH Cybersecurity team.
      3. They will follow the procedures from UW- Madison Office of Cybersecurity, https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures
  4. Related Documents
    1. Template - https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-template
    2. Incident Reporting and Response Procedures: https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures
    3. Incident Reporting and Response Flow diagram: https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-flowchart
  5. Related Standards, Policies and Procedures
    1. Incident Reporting and Response Policy: https://policy.wisc.edu/library/UW-509
    2. Reporting of HIPAA Incidents and Notifications in the Case of Breaches of Unsecured Protected Health Information: https://policy.wisc.edu/library/UW-131


Keywords:
Procedure,Template, Platform X, Px, Cybersecurity, incident 
Doc ID:
113471
Owned by:
Tom C. in SMPH Research Informatics
Created:
2021-09-07
Updated:
2024-08-19
Sites:
SMPH Research Informatics , SMPH Research Informatics TEST