What is OneRecord's process for identifying, triaging, and resolving critical issues?
We use a 5-phase procedure as outlined in the OneRecord Security Incident Management Procedure that includes the Identification, Containment, Eradication, Recovery, and Lessons Learned phases. Additionally, we follow the process as defined in the OneRecord Incident Response Plan including applicable HIPAA Breach Notification rules.
What is OneRecord's timeline process for identifying, triaging, and resolving critical issues follow?
We have proactive monitoring in place to detect potential issues and immediately investigate issues in the Identification Phase to determine the priority that needs to be assigned to the issue. Issues that are High severity are investigated immediately and all applicable procedures are applied including any HIPAA Data Breach Notification procedures.
What is OneRecord's process for proactively communicating critical issues to users?
Initial communications happen in the “Containment/Communication” phase of the OneRecord Security Incident Management Procedure. Subsequent communications to end users, customers, and other relevant parties happen as part of the Recovery Phase as identified in the same document. Communications required for HIPAA Breach Notifications are adhered to as required by HIPAA and specified in the OneRecord Incident Response Plan.
What timelines does OneRecord proactively communicate critical issues?
For HIPAA data breach notifications a 60 day period is followed unless otherwise required in a contract and/or to be in alignment with state laws or other requirements). For all other issues communication is determined based on the severity of the issue.
Questions
If you have any questions or concerns please contact us via the "help icon" in the bottom right hand corner of the screen or email us at support@onerecord.com.