Day 38 — Getting Momentum

Welcome back! Today I continued working through the backlog of HIPAA compliance activities and got some feedback on our app. Both went really well and the list of unknowns for our compliance work seems to be rapidly decreasing — good news for our company and my sanity.

Here’s how it went.

1 — Incident Response

Impact Categorization Levels

I started by going through my asset inventory and identifying a rating for the impact on each system across Confidentiality, Integrity, and Availability. I set a low/medium/high impact score as follows (pulled from here):

  1. Low Impact: The loss of confidentiality, integrity, or availability could be expected to have a limited adverse
    effect on organizational operations, organizational assets, or individuals.
  2. Medium Impact: The loss of confidentiality, integrity, or availability could be expected to have a serious adverse
    effect on organizational operations, organizational assets, or individuals.
  3. High Impact: The loss of confidentiality, integrity, or availability could be expected to have a severe or
    catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Playbook

The result is version 01 of a playbook we can use, primarily in the event of a breach incident.

The Playbook

2 — Secure System Management

I crossed this domain area off my list but didn’t make any actual progress. This area is all about how we plan, develop, and deploy our app so I’ll need help from my dev team to complete it. I did end up identifying known gaps so we can more easily evaluate and implement the policy (and update as needed).

More to come!

3 — Privacy Management

Last but not least was updating our Privacy Policy and Terms of Use.

I highly recommend iubenda.com to generate these policies: it saves me an enormous amount of time and money on generating them (not to mention it’s easily translated once we get big enough!).

I also like the fact that its Privacy Policy is super readable and easy to understand what data is collected.

Here’s what the iubenda Dashboard looks like:

Privacy Policy

And here’s the result: www.invincibleapp.com/privacy

Terms of Use

And here’s our Terms of Use: www.invincibleapp.com/terms

What’s Next?

Continue clean-up work.
