How to Respond When Patient Data Has Been Compromised

Published in Member Communities on July 24, 2019

date image

Every business should have a plan in place for how they will respond to a crisis. This is even more true for healthcare industries where a crisis doesn’t just mean maintaining your own reputation, but the livelihood of your patients. You need to have a plan in place should a cyber security breach occur. Discuss these tips at your next board meeting and put a plan in place for how you will go about handling a situation like this.

Act Fast

A security breach is incredibly serious. Acting slow will only cost you more financially in the end. Delayed responses open up the opportunity for more patient data being stolen and compromised. Too often, companies try to deny that they have a security issue, or justify it by saying it’s minimal. The first step is to work with a trusted security company to determine if the incident caused patient data to leave your network and how many patient records were compromised. The results of this forensic work will determine if the incident was a breach.

It’s important to note that the laws and regulations differ per state. For example, in Iowa if you have more than 500 patient records that have been stolen it is considered a breach. Acting quickly can keep it from spiraling out of control and minimize the financial impact.

Be Honest

The public can sniff out a lie and any kind of fabrication fairly easily. Be honest about the breach and you will be able to restore the public’s trust. Let them know that you are in control of the situation and will do everything in your power to make it right. You can make it right by preventing it from happening again.

Get more details about breach notification guidelines on the U.S. Department of Health & Human Services’ website.

Prevention

You should be upfront about how the breach occurred. When you are honest with this, you will be able to talk about how you will prevent the same situation from repeating itself. If the cause was employee mishandling of information, develop a plan for how you will educate employees in the future of safety protocols and how you are adopting tech systems to assist in preventing user error.

You never know how a security breach will happen to you, but you should be prepared to handle a variety of circumstances. Your business can take steps now to prevent yourself from needing to have a crisis plan. Talk to us about developing an incident response plan.


comments powered by Disqus

From Our Experts

VGM Calls for Heartland Conference Speakers thumbnail VGM Calls for Heartland Conference Speakers VGM is now accepting proposals from prospective speakers for its annual Heartland Conference. SoClean Launches Device to Disinfect Phones, Keys, Household Items thumbnail SoClean Launches Device to Disinfect Phones, Keys, Household Items SoClean recently launched Device Disinfector, which allows for multiple small household items to be disinfected in 10 minutes. Using activated oxygen, it kills up to 99.9% of bacteria and viruses. 6 Ways to Make CPAP Repair Less Painful thumbnail 6 Ways to Make CPAP Repair Less Painful In this episode, we visit with Ronda Buhrmester, Sr. Director of Payer Relations & Reimbursement for VGM & Associates, and Dan Meyer, Chief Revenue Officer for Repair Authority, about providers' most pressing questions about CPAP repair and how Repair Authority has the solutions providers are looking for. Jurisdictions B and C: Claim Payment Alert 151 MUE Incorrect Processing thumbnail Jurisdictions B and C: Claim Payment Alert 151 MUE Incorrect Processing CGS Administrators recently sent out a news alert for Jurisdictions B and C. They aware of a claim payment issue in which some claims may have applied Medically Unlikely Edit (MUE) values incorrectly on the dates September 23, 2020 and September 24, 2020 only. Claims may have paid or denied in error as a result. CGS is correcting this issue and has indicated that it is a number 1 priority with them.  For more information, watch Ronda's vlog. HME - Past, Present & Future:  State of the Industry/Benchmarking Update thumbnail HME - Past, Present & Future: State of the Industry/Benchmarking Update I was honored to recently present at the 2020 HME News Business Summit, which was held Sept. 15-17, and, due to COVID-19, in a first-time “virtual” format. My session included a series of data, trends and analysis as to the state of the industry from 2010 to the present, and included financial and operational highlights from supplier submissions applicable to their 2019 results. Here is a summary of the presentation. Helping Your Employees Rebuild and Find Happiness thumbnail Helping Your Employees Rebuild and Find Happiness Every employee has a different set of circumstances coming at them, especially so far in 2020. While taking care of our employees, we still have businesses to run. To be successful, the best leaders will start with their employees. How do you help your employees to rebuild themselves and also find happiness? DMEPOS Warriors: Michael Tracey with Aspirus At Home Medical Equipment thumbnail DMEPOS Warriors: Michael Tracey with Aspirus At Home Medical Equipment VGM & Associates always enjoys highlighting our members who are a shining example of excellence in DME. The current business environment can be difficult to navigate and generating revenue can sometimes be a challenge. However, Michael Tracey shares with us how he helped lead Aspirus At Home Medical Equipment to success and provides tips for how Aspirus generates revenue. 10 Ways to Keep Your Employees Engaged During a Pandemic thumbnail 10 Ways to Keep Your Employees Engaged During a Pandemic In this episode, we sit down with Arienne Martinez, director of training and development for HOMELINK, a division of the VGM Group. Arienne chats with us about her recent article that was featured in the latest VGM playbook, “Protecting Your Most Important Asset: Your People,” about keeping your employees engaged during the pandemic, especially with much of the workforce working remote.