How to Respond When Patient Data Has Been Compromised

Published in Member Communities on July 24, 2019

date image

Every business should have a plan in place for how they will respond to a crisis. This is even more true for healthcare industries where a crisis doesn’t just mean maintaining your own reputation, but the livelihood of your patients. You need to have a plan in place should a cyber security breach occur. Discuss these tips at your next board meeting and put a plan in place for how you will go about handling a situation like this.

Act Fast

A security breach is incredibly serious. Acting slow will only cost you more financially in the end. Delayed responses open up the opportunity for more patient data being stolen and compromised. Too often, companies try to deny that they have a security issue, or justify it by saying it’s minimal. The first step is to work with a trusted security company to determine if the incident caused patient data to leave your network and how many patient records were compromised. The results of this forensic work will determine if the incident was a breach.

It’s important to note that the laws and regulations differ per state. For example, in Iowa if you have more than 500 patient records that have been stolen it is considered a breach. Acting quickly can keep it from spiraling out of control and minimize the financial impact.

Be Honest

The public can sniff out a lie and any kind of fabrication fairly easily. Be honest about the breach and you will be able to restore the public’s trust. Let them know that you are in control of the situation and will do everything in your power to make it right. You can make it right by preventing it from happening again.

Get more details about breach notification guidelines on the U.S. Department of Health & Human Services’ website.

Prevention

You should be upfront about how the breach occurred. When you are honest with this, you will be able to talk about how you will prevent the same situation from repeating itself. If the cause was employee mishandling of information, develop a plan for how you will educate employees in the future of safety protocols and how you are adopting tech systems to assist in preventing user error.

You never know how a security breach will happen to you, but you should be prepared to handle a variety of circumstances. Your business can take steps now to prevent yourself from needing to have a crisis plan. Talk to us about developing an incident response plan.


comments powered by Disqus

From Our Experts

Understanding Enrollment Status, Assigned vs. Non-Assigned, and the ABN thumbnail Understanding Enrollment Status, Assigned vs. Non-Assigned, and the ABN A major part of business development is understanding your payer mix and which products and services should be reimbursable versus cash sale items. What could you bundle together in your offering to expand business—specifically items that can be sold for retail alongside your reimbursable items? You might not necessarily offer everything right now, but these are the areas you can look to expand into. This resource outlines how to navigate reimbursement to help grow your business. U.S. Rehab Tech Training at Heartland Addresses All Levels of Experience thumbnail U.S. Rehab Tech Training at Heartland Addresses All Levels of Experience Complex rehab providers attending VGM's 20th Heartland Conference will have the opportunity to increase their expertise in repairing and programming complex rehab wheelchairs as part of U.S. Rehab's Tech Training. VGM & Associates Releases Customer-Centric Playbook thumbnail VGM & Associates Releases Customer-Centric Playbook VGM & Associates has released the third installment of their 2021 quarterly playbook series, which contains insight and best practices for making your business customer-centric. Heartland Session Sneak Peek: Procurement, Inventory Management & Cash Flow thumbnail Heartland Session Sneak Peek: Procurement, Inventory Management & Cash Flow Get great advice and more during the Heartland Conference Panel: Procurement, Inventory Management & Cash Flow moderated by Gerry Finazzo. During this session, attendees will learn how to identify ways to improve purchasing practices, mitigate inventory liability, identify ways to increase cash flow and lower activity costs. An Inside Look with Clint, Episode 8: VGM Government thumbnail An Inside Look with Clint, Episode 8: VGM Government President of VGM & Associates, Clint Geffert, sat down with John Gallagher, vice president of VGM Government, to discuss how VGM Government helps VGM members navigate the complexities of the legislative process and the importance of grassroots advocacy in the HME industry. Member Spotlight: Shelly Hoover, President and Co-Founder, and David Hoover, CEO and Co-Owner of Vets First DME, LLC thumbnail Member Spotlight: Shelly Hoover, President and Co-Founder, and David Hoover, CEO and Co-Owner of Vets First DME, LLC Vets First DME began at the intersection of preparation and opportunity, with a dash of circumstance. Read more about the amazing Hoover family as they combined the family's knowledge and experience to start Vets First DME, LLC. CMS Announces 90-Day Extension For CRT Manual Wheelchair Accessories thumbnail CMS Announces 90-Day Extension For CRT Manual Wheelchair Accessories CMS announced a 90-day extension of the suspension of the application of Medicare Competitive Bidding Program pricing to CRT manual wheelchair accessories. The current policy will stay in place through October 1 and there will not be any payment cuts or claims processing changes. Don't Allow Medicare Advantage Plans and MCOs Take Advantage of YOU! thumbnail Don't Allow Medicare Advantage Plans and MCOs Take Advantage of YOU! The HME supplier has always had challenges in getting paid timely and accurately for the items and services they provide to their customers. This is an assumed cost of doing business but the HME supplier still does this because of the reward of taking care of their customers. But nothing has challenged the supplier as much as when a customer has a Medicare Advantage Plan or an MCO.