Jill's Demo Document

This is the styling for Heading 3

This is paragraph.

Here is some important code:

important code!span.code {
  display: inline-block;
  background-color: #eee;
  padding: 5px 10px;
  margin: 5px;
  font-family: monospace;
}

• (2) Insert/edit link: External link to update
• (3) Insert/edit KB link doc: This pulls the document title and can be found in Linked from feature. Florence eBinders: Resource Library
• (4) Insert/edit KB include doc: Pulls in entire page contents, which you can see in Preview.
  1. Purpose
     1. The purpose of this document is to provide a procedure to Platform X administrators for security incident response.
  2. Definitions
     1. Electronic Protected Health Information (ePHI): Any individually identifiable health information protected by HIPAA that is transmitted or stored in electronic media.
     2. Cybersecurity Event: an occurrence captured in some logging mechanism or observed by an individual which suggests the potential for unauthorized access to ePHI or other restricted data to the extent that additional investigation need be conducted promptly.
     3. Incident:  an event has been verified to have occurred involving PHI or other restricted data which has been reviewed and does not appear to be authorized.
  3. Procedures
     1. Reporting of a security event (potential incident)
        
        1. Report to your manager and the CHI2 Platform X Platform owner or Security staff.
        2. If neither are available,
        1. report to UW-Madison Campus Cybersecurity, the HIPAA Security Officer or the HIPAA Privacy Officer using the "Report a HIPAA Incident" on https://compliance.wisc.edu/hipaa/
        2. And also send an email or voice mail to your manger and the CHI2 Platform X Platform owner or Security staff.
     2. Investigation of a security event
        
        1. Upon notification of a security event, the manager will ensure that the the CHI2 Platform X Platform owner or Security staff has been notified and is conducting an investigation
        2. The CHI2 Platform X Platform owner or Security staff will notify the CHI2 Data Security Officer of the initiation of the triage / initial investigation.
        3. Event investigation can use the campus Incident Reporting and Response Procedures Template or similar tool for documentation. The event investigation and a copy of the corresponding documentation must be tracked in the Platform X ticketing system. (Template - https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-template)
     3. Determination and next steps
     1. The Data Security Officer, in conjunction with the Platform X system owner will determine if the event can clearly be ruled out as zero potential for breach (unauthorized exposure) of ePHI. The Incident Reporting and Response flow will be followed: https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-flowchart
     2. They will document their analysis in the incident ticket and notify the Chief Biomedical Informatics Officer and SMPH Cybersecurity team.
     3. They will follow the procedures from UW- Madison Office of Cybersecurity, https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures
  4. Related Documents
     1. Template - https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-template
     2. Incident Reporting and Response Procedures: https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures
     3. Incident Reporting and Response Flow diagram: https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-flowchart
  5. Related Standards, Policies and Procedures
     1. Incident Reporting and Response Policy: https://policy.wisc.edu/library/UW-509
     2. Reporting of HIPAA Incidents and Notifications in the Case of Breaches of Unsecured Protected Health Information: https://policy.wisc.edu/library/UW-131