Incident Response
2025.04.16
ClearHealth implements an information security incident response process to consistently detect, respond to, and report incidents, minimize loss and destruction, mitigate the weaknesses that were exploited, and restore information system functionality and business continuity as soon as possible.
The incident response process addresses:
- Continuous monitoring of threats through intrusion detection systems (IDS) and other monitoring applications;
- Establishment of an information security incident response team;
- Establishment of procedures to respond to media inquiries;
- Establishment of clear procedures for identifying, responding to, assessing, analyzing, and following up on information security incidents;
- Workforce training, education, and awareness on information security incidents and required responses; and
- Facilitation of clear communication of information security incidents with internal, as well as external, stakeholders.
[!NOTE]
These policies were adapted from work by the HIPAA Collaborative of Wisconsin Security Networking Group.
Refer to the linked document for additional copyright information.
Policy Statements
ClearHealth policy requires that:
(a) All computing environments and systems must be monitored in accordance with the policies and procedures specified in the following ClearHealth policies and procedures:
- Auditing
- System Access
- End-user Computing and Acceptable Use
(b) All alerts must be reviewed to identify security incidents.
(c) Incident response procedures are invoked upon discovery of a valid security incident.
(d) The incident response team, workforce, and management must comply with any additional requests by law enforcement in the event of a criminal investigation or national security matter, including but not limited to warranted data requests, subpoenas, and breach notifications.
(e) Restrictions for violations of CHS security policies are applied after verification of a breach.
(f) Factors such as impact, number of offenses, training, regulatory requirements, and contractual obligations are considered when responding to an individual who is involved in the breach.
(g) Documentation of employees involved in the incident includes steps taken, a timeline of the steps taken, the notification process, any disciplinary action, and the final outcome of each incident.