- Incident Response Plan
- IS Org Structure
- IS Policies (summary)
- Confidentially agreements
- Litigation holds
- e-Discovery requests
What is your Incident Response Plan?
- The Company shall implement an Incident Response Plan to be utilized in the event of a PHI environment system breach. (§164.308(a)(6)(i))
- The Incident Response Plan must identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes. (§164.308(a)(6)(ii))
- The Incident Coordinator shall be responsible for establishing all security incident response and escalation procedures including documentation and distributed to ensure timely and effective handling of all situations.
This incident response plan will address the following at a minimum:
- Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum
- Specific incident response procedures
- Business recovery and continuity procedures
- Data back-up processes
- Analysis of legal requirements for reporting compromises
- Coverage and responses of all critical system components
- Reference or inclusion of incident response procedures from the payment brands.
For more details, please reference ER Express documents, found on Documents & Certificates
- 3a. HIPAA- Incident Response Policy
- 3b. HIPAA-Incident Response Plan
What is ER Express' Information Security organizational structure?
Chain of command:
- Sahil Patel (CEO, ER Express)
- Sujit Kar (VP of Product, ER Express)
- Michael Cutter (VP of Business Development, ER Express)
- Valencia Cody (Accounting/Finance Director, ER Express)
What are ER Express Information Security policies?
- The Company’s PHI security policies are designed to provide guidance for compliance with the HIPAA security requirements.
- These policies are not intended to replace any existing enterprise security policies.
- ER Express has implemented policies and procedures to prevent, detect, contain and correct security violations. (§164.308(a)(1)(i))
For more information, please see:
- HIPAA – Information Security Policy_v2.0 (found on Documents & Certificates
Do your employees acknowledge policies or sign confidentiality agreements?
Do you have a Disaster Recovery Plan?
Yes. ER Express' Disaster Recovery Plan is available for download in Documents & Certificates.
Do you have a process for handling litigation holds?
- CEO will immediately send the letter to the Company counsel
- Counsel will draft a response letter to all concerned parties
- Send written and verbal instructions to internal team members
"A litigation hold is a written directive advising custodians of certain documents and
electronically-stored information (“ESI”) to preserve potentially relevant evidence in anticipation of
future litigation. Also called “preservation letters” or “stop destruction requests,” these communications
basically advise of the possibility of future litigation and identify relevant documents and ESI which
should be preserved. "
Do you charge a fee to place data on hold?
Do you charge a fee for e-Discovery requests?