If you are stricken, terrified, and think you have a BREACH
Here's a little guideline. Just keep it within reach
Wherever information went, WAS IT PHI?
If it was, you have a BREACH, but do not start to cry.
Here's a second question, WAS IT UNSECURED?
This could be a problem but it can be cured.
And now can you determine if the DISCLOSURE WAS UNLAWFUL?
Even if that was the case it might not be so awful.
Asking these three questions is where you ought to start
You now have a "suspected breach" but you should still take heart.
Because the next thing you must do is easy and quite clear
Log it in the BREACH LOG! This should take away your fear.
There's more to do to mitigate the breach that is suspected
Just a little follow up to make sure you've corrected
The conditions or the actions or the systems that are weak.
Next month we'll write another poem to tell you what to tweak.
By M. Smith
HCP Client Success Manager