Does HIPAA Require Forensics Investigation?
HealthcareIT News recently interviewed me for an article, "5 Reasons to Use Forensics," about the reasons for using digital forensics as an investigation tool when an electronic incident is discovered. The term computer forensics carries some mystery, since forensics can be hard for many non-geeks to grasp.
Forensics is used to uncover the truth: the root cause of what happened and how it happened. I was recently asked if HIPAA requires forensics investigation after an incident. I gave the same answer I give when I am asked whether encryption is required by HIPAA: no, as long as you have implemented or conducted an investigation that represents a reasonable/sufficient alternative. When a regulatory agency like HHS/OCR investigates a covered entity after a breach, it asks for documentation of the actions the entity took to determine the root cause of the incident and the steps taken to prevent the incident from happening again. Forensics is an invaluable tool for ensuring a credible and compliant incident response and protecting your reputation. The time to consider your forensics options is well before an incident happens, so it is best to explore your internal and external options and update your incident response plan accordingly.