BD Performing Arts Breach Policy


1. Introduction

BD Performing Arts is committed to maintaining the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). This breach policy outlines the procedures for responding to a breach of PHI, including detection, response, and notification.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who have access to BD Performing Arts' technology systems and data.

3. Breach Detection and Reporting

3.1. Detection

All employees and contractors must remain vigilant for any signs of a breach, including but not limited to:

  • Unauthorized access to systems containing PHI
  • Unusual activity in system logs
  • Lost or stolen devices containing PHI
  • Any other suspicious activity

3.2. Reporting

If a breach or suspected breach is detected, it must be reported immediately to the Chief Executive Officer (CEO) and the Director of Technology. The report should include:

  • A description of the breach
  • The date and time the breach was discovered
  • The systems and data affected
  • The suspected cause of the breach

4. Breach Response

4.1. Containment and Eradication

Upon notification of a breach, the CEO and Director of Technology will:

  • Immediately contain the breach to prevent further unauthorized access.
    • Enable the Killswitch at the appropriate level to block all logins.
    • Raise the CloudFlare security level to its maximum setting.
  • Identify and mitigate any vulnerabilities that contributed to the breach.
  • Work with the IT team to isolate affected systems and data.
  • Eradicate malicious software or any other threats involved in the breach.

4.2. Investigation

The Director of Technology will conduct a thorough investigation to determine the scope and impact of the breach, including:

  • Identifying all affected individuals and systems.
  • Assessing the types of PHI involved.
  • Determining the likelihood of data misuse.
  • Documenting all findings and actions taken.

5. Notification

5.1. Timeliness

BD Performing Arts will notify affected individuals, the Department of Health and Human Services (HHS), and, if necessary, the media, without unreasonable delay and no later than 60 days after the discovery of the breach.

5.2. Content of Notification

Notifications to affected individuals will include:

  • A brief description of the breach, including the date of the breach and the date of discovery.
  • A description of the types of PHI involved (e.g., full name, Social Security number, date of birth, home address, account number).
  • Steps individuals should take to protect themselves from potential harm.
  • A brief description of what BD Performing Arts is doing to investigate the breach, mitigate harm, and prevent further breaches.
  • Contact information for individuals to ask questions or learn additional information.

5.3. Methods of Notification

Notifications will be provided via email to the affected individuals.

6. Documentation and Record Keeping

BD Performing Arts will maintain documentation in Jira of all breaches, including:

  • The nature, severity, and timeframe of the PHI involved.
  • The identity of unauthorized persons who accessed the PHI.
  • Whether the PHI was acquired/downloaded or viewed.
  • The extent to which the risk to the PHI has been mitigated.
  • All notifications and correspondence related to the breach.

7. Training and Awareness

BD Performing Arts will provide regular training to all employees, contractors, and third-party service providers on the importance of protecting PHI and the procedures for reporting and responding to breaches.

8. Review and Updates

This policy and the security of BDPA will be reviewed and updated annually, or as needed, to ensure continued compliance with HIPAA regulations and to address any changes in BD Performing Arts' technology stack or procedures.

For any questions or concerns regarding this policy, please contact the Chief Executive Officer.

This policy ensures that BD Performing Arts maintains compliance with HIPAA regulations and takes appropriate steps to protect the privacy and security of PHI.
