Data Breach & Health Care

As more and more stories are published detailing how even the largest health care systems can fall victim to data breaches, we are seeing an increase in requests for this type of coverage. Dealing with a data breach is an awful experience for everyone involved and can have significant financial, administrative and reputation-tarnishing effects.

Financial Costs
-Data breaches can result in lawsuits against you and/or your practice.
-Penalties/fines can be assessed for violations of HIPAA.
-Organizations/practices can be required to pay for credit-monitoring services for affected patients.

Administrative Costs
-Staff may have to send out letters to affected individuals.
-Staff may have to field inquiries from patients wondering if/how they were affected.

Reputation Costs

-Patients, quite simply, may leave the practice.
-Potential patients may avoid the practice.
-Practices may have to work hard to regenerate trust and re-establish respect within the community.

Interestingly, while many think of identity theft in terms of stealing someone’s identity to open credit cards, make purchases, etc., data is showing that almost as often data is being stolen for health care purposes – i.e., to get expensive medical services, equipment, prescription drugs, etc. Medical identity theft is a growing form of identity theft, and health care providers and practices should take note. In addition to facing financial implications (being billed for services they didn’t receive), affected patients are also encountering potentially erroneous medical records, or medical information in their record that doesn’t pertain to them, making the impact of the stolen identity even more problematic and potentially dangerous.

And it is important to remember that data breaches don’t just happen when someone hacks into a server. They can also occur when laptops, iPads and other portable devices are lost or stolen, or are not properly protected with passwords, for example. Making matters worse, many health care practitioners are using their own personal (read: less secure) devices for work – like checking their work e-mail on their phone – thus multiplying the potential for a data breach.

What You Can Do
1. Make sure you have proper security protecting your various electronic systems and devices.
2. Put in place a protocol for employees about who can use what devices for which purposes and how and where such devices should be kept when not in use.
3. Get data breach coverage – because even the best-protected practices can still fall victim to hacks or lost devices.
