4-1 Short Paper: Responding to a Data Breach

Responding to a Data Breach
Student’s Name
Institution
Responding to a Data Breach
Electronic health records of the patients are susceptible and private. They, therefore, need to be protected from getting into the hands of an authorized person. The HIPPA privacy rule gives health facilities the duty to protect the information. By leaving behind that laptop, therefore, part 160 and part 164 (Section A and E) have already been violated. This is because the facility has failed to secure the data and protect it (HHS.gv, 2015).
The Potential Impact and the Severity of the Incident
The immediate impact of this act is that the information may be accessed by an unauthorized person. Additionally, this crucial data may end up being destroyed or get lost if the person who gets hold of the laptop has ill motives (Martin, Borah & Palmatier, 2017).
The most severe part of such a breach is that the information ends up being used to invade the privacy of the patient by accessing patients’ confidential information. Such a breach may make the patient go ahead and sue the facility create a lawsuit that may tarnish the facilities name (Martin, Borah & Palmatier, 2017).
Phases of Handling Data
The case is challenging since the computer is already stolen. The first reaction is to deactivate any accounts that have the passwords saved on the laptop browser. Then all any password related to a larger database and even for cloud servers should be changed with immediate effect. These two measures ensure that the only stolen data is that which is contained in the computer alone.

Lastly, make arrangements for the possible tracking of the laptop (Westin, 2015).
Recommendations
All the computers in the health facility should be protected through encryption with the key only available to the manager of the facility (Ibraimi, Tang, Hartel & Jonker, 2008).
The computers should be programmed to shut down all the data after 2 minutes of inactivity. References
HHS.gv. (2015). The HIPAA Privacy Rule. Health Information Privacy. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
Ibraimi, L., Tang, Q., Hartel, P., & Jonker, W. (2008, August). A type-and-identity-based proxy re-encryption scheme and its application in healthcare. In Workshop on Secure Data Management (pp. 185-198). Springer, Berlin, Heidelberg.
Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), 36-58.
Westin, K. V. (2015). U.S. Patent No. 9,083,624. Washington, DC: U.S. Patent and Trademark Office.