1. Draft local releases to include all information the HIPAA Breach
2. Consider the prospect of having their regional OPIA staff as a resource.
3. Give draft release to facility PO, who will send it to OIT’s Incident Resolution
4. Service. When the news release has been approved and sent out, give a copy to the facility PO and identify the media outlet(s), to which it was sent.
Public Affairs Office (PAOs): Follow Up
• When contacted by the news media, be prepared to say what the facility has done or is about to do to prevent a recurrence.
Procedures: Input/output controls are mechanisms intended to protect the confidentiality and integrity of sensitive information. Unauthorized access to documents containing …show more content…
VA Handbook 6500.1 and FSS SOP Media Protection provide specific procedures in accordance with NIST guidelines. ISOs are required to ensure local policy is in place, and that local procedures are implemented, documented, reviewed annually and revised as …show more content…
Transmitted data is encrypted,
d. The owner of data is defined and documented,
e. Computers are not left unsecured when processing or storing sensitive information,
f. Computer monitors will be positioned to eliminate viewing by unauthorized individuals, if unable to position monitors, a privacy screen must be used,
g. Sensitive information is placed out of sight when visitors are present,
h. Appropriate precautions are taken when sensitive information is discussed outside restricted areas,
i. Sensitive information is not left in the open or unattended, even temporarily. Sensitive information must be secured at every step in the process until destroyed. Sensitive material is stored in a secure safe or locked cabinet, and material is secured each evening or during any lunch periods or breaks,
j. Data is stored in a media storage vault or library that has restricted access and is environmentally protected, based on the highest FIPS 199 security category of the information recorded on the media.
(2) For moderate -, and high-impact systems, VA must employ automated mechanisms to restrict access to media storage areas where a significant volume of media is stored and to audit access attempts and access