How to Respond When Patient Data Has Been Compromised

Published in Member Communities on July 24, 2019

date image

Every business should have a plan in place for how they will respond to a crisis. This is even more true for healthcare industries where a crisis doesn’t just mean maintaining your own reputation, but the livelihood of your patients. You need to have a plan in place should a cyber security breach occur. Discuss these tips at your next board meeting and put a plan in place for how you will go about handling a situation like this.

Act Fast

A security breach is incredibly serious. Acting slow will only cost you more financially in the end. Delayed responses open up the opportunity for more patient data being stolen and compromised. Too often, companies try to deny that they have a security issue, or justify it by saying it’s minimal. The first step is to work with a trusted security company to determine if the incident caused patient data to leave your network and how many patient records were compromised. The results of this forensic work will determine if the incident was a breach.

It’s important to note that the laws and regulations differ per state. For example, in Iowa if you have more than 500 patient records that have been stolen it is considered a breach. Acting quickly can keep it from spiraling out of control and minimize the financial impact.

Be Honest

The public can sniff out a lie and any kind of fabrication fairly easily. Be honest about the breach and you will be able to restore the public’s trust. Let them know that you are in control of the situation and will do everything in your power to make it right. You can make it right by preventing it from happening again.

Get more details about breach notification guidelines on the U.S. Department of Health & Human Services’ website.

Prevention

You should be upfront about how the breach occurred. When you are honest with this, you will be able to talk about how you will prevent the same situation from repeating itself. If the cause was employee mishandling of information, develop a plan for how you will educate employees in the future of safety protocols and how you are adopting tech systems to assist in preventing user error.

You never know how a security breach will happen to you, but you should be prepared to handle a variety of circumstances. Your business can take steps now to prevent yourself from needing to have a crisis plan. Talk to us about developing an incident response plan.


comments powered by Disqus

From Our Experts

NCART: House Circulates Sign-On Letter for CRT Manual Wheelchair Accessories thumbnail NCART: House Circulates Sign-On Letter for CRT Manual Wheelchair Accessories NCART recently announced some good news from our Congressional champions. As we prepare for National CRT Awareness Week, Representatives John Larson (D-CT) and Lee Zeldin (R-NY) are circulating a bipartisan letter to CMS for additional signatures to ensure people with disabilities who use Complex Rehab Technology (CRT) manual wheelchairs have the same access as those using CRT power wheelchairs. We need you to get your Representative to sign on! HME News: Accessories: Time to Follow Up, Stakeholders Say thumbnail HME News: Accessories: Time to Follow Up, Stakeholders Say Complex rehab stakeholders are working with their champions in Congress to craft a letter asking CMS to permanently change its payment policy on accessories for complex rehab manual wheelchairs, according to a recent article from HME News. HME News Business Summit 2020 thumbnail HME News Business Summit 2020 Join us as we talk with Liz Beaulieu, Editor of HME News, about the upcoming virtual HME News Business Summit. DMEPOS Warriors: Brooke Strachan, Owner of The Boob Shop thumbnail DMEPOS Warriors: Brooke Strachan, Owner of The Boob Shop When hard times come, it's not always easy to think on the bright side. For Brooke Strachan, finding the positives in any situation is her philosophy, and this state of mind is what led to her owning her own business. More Details on Medicare Audits Beginning August 3 thumbnail More Details on Medicare Audits Beginning August 3 In recent meetings with CMS, The van Halem Group has learned that while the date to begin medical review functions is August 3rd, there will likely be a delayed time frame before audit requests officially go out. CMS is currently working to develop instructions for contractors and intends to take a "toe in the water” approach, as opposed to opening up a flood gate of audits. HME News: Challenging Fall Awaits Complex Rehab Providers thumbnail HME News: Challenging Fall Awaits Complex Rehab Providers Don Clayback, executive director of NCART, stated that complex rehab providers could see a downturn in revenues in late summer, early fall. 2020 HME Woman of the Year Nominations Open Through August 14 thumbnail 2020 HME Woman of the Year Nominations Open Through August 14 Now in its fifth year, the award, sponsored by VGM, recognizes one woman in the industry who has made increasingly significant contributions throughout her career to her company, community, and the home medical equipment industry. VGM's Mike Mallaro on How to Get to the Other Side thumbnail VGM's Mike Mallaro on How to Get to the Other Side The COVID-19 pandemic has broken the mold for how the HME industry has always done business, but that can create opportunity—if providers are open to it, says VGM CEO Mike Mallaro.