The document discusses incident management at eHealth Ontario. It defines privacy incidents, security incidents, and privacy breaches. It outlines eHealth Ontario's incident management framework, activities, and metrics. It also discusses developing incident response capabilities, the incident initiation process, and lessons learned around effective incident management.
3. What’s involved… > Identify, contain, triage & remedy incidents. > Short term: Contain damage; Restore normal operations. > Long term: Avoid problems in future.
4. Privacy Incident : One or more events that may involve the unauthorized use, collection, disclosure, or disposal of personal or personal health information. Distinct from “breach”.
5. Security Incident : One or more events that have a significant probability of compromising business operations or threatening an organization’s information security .
6. Privacy Breach : One or more events confirmed to involve, or having a high probability of involving, the unauthorized use, collection, disclosure, or disposal of personal or personal health information.
7. Not every event is an incident. Internal – High Client - All Missing Equipment All Un-authorized Use Medium Privacy Medium Network Attack High Malware Severity to Trigger ESPIM Incident Type