HIPAA - Breach Notification
USA Health Insurance Portability and Accountability Act of 1996 (HIPAA) covers organizations that use, store, or process Private Health Information (PHI). The HIPAA Breach Notification Rule requires companies that deal with health information to disclose cybersecurity breaches; the disclosure will include notification to individuals, to the media, and the Secretary of Health and Human Services. This playbook is triggered by a HIPAA breach notification incident and follows through with the notification procedures. DISCLAIMER: Please consult with your legal team before implementing this playbook. ** Source: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
HIPAA - Breach Notification · 54 tasks · 9 inputs · 0 outputs
Inputs
ContactName— In case of a breach, the contact details to send to the Secretary of HHS and the affected individuals.ContactEmailAddress— In case of a breach, the contact details to send to the Secretary of HHS and the affected individuals.ContactTelNumber— In case of a breach, the contact details to send to the Secretary of HHS and the affected individuals.CompanyName— In case of a breach, the company details to display in the breach report.CompanyAddress— In case of a breach, the company details to display in the breach report.CompanyCity— In case of a breach, the company details to display in the breach report.CompanyCountry— In case of a breach, the company details to display in the breach report.AutoNotification— This input determines if the resident notification should be done automatically or manually. True - Automatically False - Manually.ResidentNotification_WhatCanTheyDo— An explanation to the individual's notification email of what can they do.
Commands used
closeInvestigation
extractIndicators
send-mail
setIncident