1. Update policies and procedures to include mobile devices and BYOD.
This is especially critical if your organization permits employees and medical staff to use their own mobile devices to connect to its networks or to enterprise systems such as email.
2. Operationalize pre-breach and post-breach processes, including incident assessment and incident response procedures.
3. Ensure the Incident Response Plan (IRP) covers business associates, partners and cyber insurance. Third parties can be the weak link in the PHI food chain.
See the rest of the article: http://www.govhealthit.com/print/20271